import ../code/conceptPage.scroll
id cloud-firestore-security-rules
name Cloud Firestore Security Rules
appeared 2017
tags application
fileType text
centralPackageRepositoryCount 0
country United States
originCommunity Google
reference https://firebase.google.com/docs/reference/rules/rules
linguistGrammarRepo https://github.com/jaysquared/atom-firestore-grammar
firstCommit 2017
lastCommit 2018
committerCount 3
commitCount 22
sampleCount 1
example
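// Per-user access rules for three collections: activities, skills and the
// activities-skills join collection. Every document carries an authorId, and
// only the signed-in user whose uid equals that authorId may read or write it.
service cloud.firestore {
  match /databases/{database}/documents {

    match /activities/{activity} {
      // Create: the caller must be signed in and must name themself as author;
      // the payload must pass type validation and carry the create key set.
      allow create: if isSignedIn()
        && isOwner(incomingData().authorId)
        && isValidActivity(incomingData())
        && hasAllowedActivityFieldsForCreate(incomingData());

      // Read/delete: decided on the stored document's authorId.
      // `read` covers both get and list. Rules are not filters, so a list
      // query is only accepted when the query itself is constrained to the
      // caller's authorId.
      allow read, delete: if isSignedIn()
        && isOwner(existingData().authorId);

      // Update: the caller must own the stored document AND remain the author
      // in the resulting document. Without the second isOwner() check the
      // authorId value is never validated on update, so an owner could
      // reassign the document to an arbitrary uid.
      allow update: if isSignedIn()
        && isOwner(existingData().authorId)
        && isOwner(incomingData().authorId)
        && isValidActivity(incomingData())
        && hasAllowedActivityFieldsForUpdate(incomingData());
    }

    match /skills/{skill} {
      // Same ownership model as /activities.
      allow create: if isSignedIn()
        && isOwner(incomingData().authorId)
        && isValidSkill(incomingData())
        && hasAllowedSkillFieldsForCreate(incomingData());

      allow read, delete: if isSignedIn()
        && isOwner(existingData().authorId);

      // authorId is pinned to the caller on update (see isOwner on incoming data).
      allow update: if isSignedIn()
        && isOwner(existingData().authorId)
        && isOwner(incomingData().authorId)
        && isValidSkill(incomingData())
        && hasAllowedSkillFieldsForUpdate(incomingData());
    }

    match /activities-skills/{activitySkill} {
      // Same ownership model as /activities.
      // NOTE(review): only the link document's own authorId is checked. Nothing
      // here verifies that skillId / activityId refer to existing documents or
      // to documents owned by the caller; confirm whether that is required.
      allow create: if isSignedIn()
        && isOwner(incomingData().authorId)
        && isValidActivitySkill(incomingData())
        && hasAllowedActivitySkillFieldsForCreate(incomingData());

      allow read, delete: if isSignedIn()
        && isOwner(existingData().authorId);

      // authorId is pinned to the caller on update (see isOwner on incoming data).
      allow update: if isSignedIn()
        && isOwner(existingData().authorId)
        && isOwner(incomingData().authorId)
        && isValidActivitySkill(incomingData())
        && hasAllowedActivitySkillFieldsForUpdate(incomingData());
    }

    // ---- Helper functions ----

    // True when the request carries an authenticated user.
    function isSignedIn() {
      return request.auth != null;
    }

    // True when the authenticated uid equals userId.
    // Reads request.auth.uid, so every rule above evaluates isSignedIn() first.
    function isOwner(userId) {
      return request.auth.uid == userId;
    }

    // Fields of the document as currently stored.
    function existingData() {
      return resource.data;
    }

    // Fields of the document as it would be stored if the write is allowed.
    function incomingData() {
      return request.resource.data;
    }

    // Type and size validation for an activity payload:
    // title is a string of 4..249 characters, summary is a string, each
    // audience bound is an int or null, lastUpdateDate supports .date().
    // NOTE(review): summary has no length bound and the min/max pairs are not
    // compared with each other; confirm whether either is needed.
    function isValidActivity(activity) {
      return activity.title is string
        && activity.title.size() > 3
        && activity.title.size() < 250
        && activity.summary is string
        && (activity.audienceCountMin is int || activity.audienceCountMin == null)
        && (activity.audienceCountMax is int || activity.audienceCountMax == null)
        && (activity.audienceAgeMin is int || activity.audienceAgeMin == null)
        && (activity.audienceAgeMax is int || activity.audienceAgeMax == null)
        && activity.lastUpdateDate.date() is timestamp;
    }

    // Key-set check for activity updates: all eight named keys must be present.
    // NOTE(review): size() == 9 with eight named keys means one additional
    // field of any name and type is accepted, and isValidActivity() does not
    // constrain it. Confirm which field is intended and add it to the list.
    function hasAllowedActivityFieldsForUpdate(activity) {
      return activity.keys().size() == 9
        && activity.keys().hasAll(['authorId', 'title', 'summary', 'audienceCountMin', 'audienceCountMax', 'audienceAgeMin', 'audienceAgeMax', 'lastUpdateDate']);
    }

    // Key-set check for activity creation: exactly the eight named keys
    // (size() == 8 together with hasAll leaves no room for extra fields).
    function hasAllowedActivityFieldsForCreate(activity) {
      return activity.keys().size() == 8
        && activity.keys().hasAll(['authorId', 'title', 'summary', 'audienceCountMin', 'audienceCountMax', 'audienceAgeMin', 'audienceAgeMax', 'lastUpdateDate']);
    }

    // Type and size validation for a skill payload:
    // title is a string of 4..249 characters, summary is a string,
    // lastUpdateDate supports .date().
    function isValidSkill(skill) {
      return skill.title is string
        && skill.title.size() > 3
        && skill.title.size() < 250
        && skill.summary is string
        && skill.lastUpdateDate.date() is timestamp;
    }

    // Key-set check for skill updates: all four named keys must be present.
    // NOTE(review): size() == 5 admits one unnamed, unvalidated extra field;
    // confirm which field is intended and add it to the list.
    function hasAllowedSkillFieldsForUpdate(skill) {
      return skill.keys().size() == 5
        && skill.keys().hasAll(['authorId', 'title', 'summary', 'lastUpdateDate']);
    }

    // Key-set check for skill creation: exactly the four named keys.
    function hasAllowedSkillFieldsForCreate(skill) {
      return skill.keys().size() == 4
        && skill.keys().hasAll(['authorId', 'title', 'summary', 'lastUpdateDate']);
    }

    // Type validation for an activity-skill link: both ids must be strings.
    function isValidActivitySkill(activitySkill) {
      return activitySkill.skillId is string
        && activitySkill.activityId is string;
    }

    // Key-set check for link updates: all three named keys must be present.
    // NOTE(review): size() == 4 admits one unnamed, unvalidated extra field;
    // confirm which field is intended and add it to the list.
    function hasAllowedActivitySkillFieldsForUpdate(activitySkill) {
      return activitySkill.keys().size() == 4
        && activitySkill.keys().hasAll(['authorId', 'skillId', 'activityId']);
    }

    // Key-set check for link creation: exactly the three named keys.
    function hasAllowedActivitySkillFieldsForCreate(activitySkill) {
      return activitySkill.keys().size() == 3
        && activitySkill.keys().hasAll(['authorId', 'skillId', 'activityId']);
    }
  }
}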
githubLanguage Cloud Firestore Security Rules
type data
filenames firestore.rules
aceMode less
codemirrorMode css
codemirrorMimeType text/css
tmScope source.firestore