From 875956fdf5d7aeb9602430365fc251b6e02b7b69 Mon Sep 17 00:00:00 2001
From: Sam Stern
Date: Wed, 30 Sep 2020 07:45:22 -0400
Subject: [PATCH] Update firestore.rules
---
 firestore.rules | 39 +++++++++++++++++++++++----------------
 1 file changed, 23 insertions(+), 16 deletions(-)
diff --git a/firestore.rules b/firestore.rules
index 4b2e4133..c3f231d5 100644
--- a/firestore.rules
+++ b/firestore.rules
@@ -1,29 +1,36 @@
-rules_version = "2";
+rules_version = '2';
 service cloud.firestore {
- match /databases/{database}/documents {
- // Restaurants:
- // - Authenticated user can read
- // - Authenticated user can create/update (for demo)
- // - Validate updates
- // - Deletes are not allowed
+ // Determine if the value of the field "key" is the same
+ // before and after the request.
+ function unchanged(key) {
+ return (key in resource.data)
+ && (key in request.resource.data)
+ && (resource.data[key] == request.resource.data[key]);
+ }
+
+ match /databases/{database}/documents {
+ // Restaurants:
+ // - Authenticated user can read
+ // - Authenticated user can create/update (for demo purposes only)
+ // - Updates are allowed if no fields are added and name is unchanged
+ // - Deletes are not allowed (default)
 match /restaurants/{restaurantId} {
- allow read, create: if request.auth != null;
+ allow read: if request.auth != null;
+ allow create: if request.auth != null;
 allow update: if request.auth != null
- && request.resource.data.name == resource.data.name
- allow delete: if false;
-
+ && (request.resource.data.keys() == resource.data.keys())
+ && unchanged("name");
+
 // Ratings:
 // - Authenticated user can read
 // - Authenticated user can create if userId matches
- // - Deletes and updates are not allowed
+ // - Deletes and updates are not allowed (default)
 match /ratings/{ratingId} {
 allow read: if request.auth != null;
 allow create: if request.auth != null
 && request.resource.data.userId == request.auth.uid;
- allow update, delete: if false;
-
- }
+ }
 }
 }
-}
\ No newline at end of file
+}
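Review bot: The new `allow update` rule on `/restaurants/{restaurantId}` pins the key set and `name`, but any signed-in user can still overwrite the value and type of every other existing field on any restaurant document, which the comment only marks as "for demo purposes only". Outside a demo, restrict the writable fields with an allow-list such as `&& request.resource.data.diff(resource.data).affectedKeys().hasOnly([<fields the app updates>])` and add type and range checks on those fields. Separately, `request.resource.data.keys() == resource.data.keys()` compares two lists, and nothing on the page shows that key order is guaranteed to match, so comparing `keys().toSet()` on both sides may be safer. The comment also says "no fields are added" while the check rejects removed fields as well, so the wording should say the set of fields must be unchanged.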