Add support for Cloud Firestore Security Rules (#4120)

* Add samples and language definition for Firestore Rules * Add grammar module and also fix the list-updating bug * Generate a unique language ID * Fix failing test reminders and update lists
github-linguist · May 1, 2018 · d8e4680 · d8e4680
1 parent f9c00de
commit d8e4680
Show file tree

Hide file tree

Showing 8 changed files with 153 additions and 1 deletion.
diff --git a/.gitmodules b/.gitmodules
@@ -226,6 +226,9 @@
 [submodule "vendor/grammars/assembly"]
 	path = vendor/grammars/assembly
 	url = https://github.com/nanoant/assembly.tmbundle
+[submodule "vendor/grammars/atom-firestore-grammar"]
+	path = vendor/grammars/atom-firestore-grammar
+	url = https://github.com/jaysquared/atom-firestore-grammar
 [submodule "vendor/grammars/atom-fsharp"]
 	path = vendor/grammars/atom-fsharp
 	url = https://github.com/fsprojects/atom-fsharp

diff --git a/grammars.yml b/grammars.yml
@@ -185,6 +185,8 @@ vendor/grammars/asp.tmbundle:
 vendor/grammars/assembly:
 - objdump.x86asm
 - source.x86asm
+vendor/grammars/atom-firestore-grammar:
+- source.firestore
 vendor/grammars/atom-fsharp:
 - source.fsharp
 - source.fsharp.fsi

diff --git a/lib/linguist/languages.yml b/lib/linguist/languages.yml
@@ -734,6 +734,15 @@ Closure Templates:
   - ".soy"
   tm_scope: text.html.soy
   language_id: 357046146
+Cloud Firestore Security Rules:
+  type: data
+  ace_mode: less
+  codemirror_mode: css
+  codemirror_mime_type: text/css
+  tm_scope: source.firestore
+  filenames:
+  - firestore.rules
+  language_id: 407996372
 CoNLL-U:
   type: data
   extensions:

diff --git a/samples/Cloud Firestore Security Rules/filenames/firestore.rules b/samples/Cloud Firestore Security Rules/filenames/firestore.rules
@@ -0,0 +1,106 @@
+service cloud.firestore {
+  match /databases/{database}/documents {
+    match /activities/{activity} {
+
+      allow create: if isSignedIn()
+                    && isOwner(incomingData().authorId)
+                    && isValidActivity(incomingData())
+                    && hasAllowedActivityFieldsForCreate(incomingData());
+
+      allow read, delete: if isSignedIn()
+                          && isOwner(existingData().authorId);
+
+      allow update: if isSignedIn()
+                    && isOwner(existingData().authorId)
+                    && isValidActivity(incomingData())
+                    && hasAllowedActivityFieldsForUpdate(incomingData());
+
+    }
+    match /skills/{skill} {
+
+      allow create: if isSignedIn()
+                    && isOwner(incomingData().authorId)
+                    && isValidSkill(incomingData())
+                    && hasAllowedSkillFieldsForCreate(incomingData());
+
+      allow read, delete: if isSignedIn()
+                          && isOwner(existingData().authorId);
+
+      allow update: if isSignedIn()
+                    && isOwner(existingData().authorId)
+                    && isValidSkill(incomingData())
+                    && hasAllowedSkillFieldsForUpdate(incomingData());
+
+    }
+    match /activities-skills/{activitySkill} {
+
+      allow create: if isSignedIn()
+                    && isOwner(incomingData().authorId)
+                    && isValidActivitySkill(incomingData())
+                    && hasAllowedActivitySkillFieldsForCreate(incomingData());
+
+      allow read, delete: if isSignedIn()
+                          && isOwner(existingData().authorId);
+
+      allow update: if isSignedIn()
+                    && isOwner(existingData().authorId)
+                    && isValidActivitySkill(incomingData())
+                    && hasAllowedActivitySkillFieldsForUpdate(incomingData());
+
+    }
+     /// Functions ///
+    function isSignedIn() {
+      return request.auth != null;
+    }
+    function isOwner(userId) {
+      return request.auth.uid == userId;
+    }
+    function existingData() {
+      return resource.data;
+    }
+    function incomingData() {
+      return request.resource.data;
+    }
+    function isValidActivity(activity) {
+      return activity.title is string
+      	&& activity.title.size() > 3
+        && activity.title.size() < 250
+        && activity.summary is string
+        && (activity.audienceCountMin is int || activity.audienceCountMin == null)
+        && (activity.audienceCountMax is int || activity.audienceCountMax == null)
+        && (activity.audienceAgeMin is int || activity.audienceAgeMin == null)
+        && (activity.audienceAgeMax is int || activity.audienceAgeMax == null)
+        && activity.lastUpdateDate.date() is timestamp;
+    }
+    function hasAllowedActivityFieldsForUpdate(activity) {
+      return activity.keys().size() == 9 && activity.keys().hasAll(['authorId', 'title', 'summary', 'audienceCountMin', 'audienceCountMax', 'audienceAgeMin', 'audienceAgeMax', 'lastUpdateDate']);
+    }
+    function hasAllowedActivityFieldsForCreate(activity) {
+      return activity.keys().size() == 8 && activity.keys().hasAll(['authorId', 'title', 'summary', 'audienceCountMin', 'audienceCountMax', 'audienceAgeMin', 'audienceAgeMax', 'lastUpdateDate']);
+    }
+
+    function isValidSkill(skill) {
+      return skill.title is string
+        && skill.title.size() > 3
+        && skill.title.size() < 250
+        && skill.summary is string
+        && skill.lastUpdateDate.date() is timestamp;
+    }
+    function hasAllowedSkillFieldsForUpdate(skill) {
+      return skill.keys().size() == 5 && skill.keys().hasAll(['authorId', 'title', 'summary', 'lastUpdateDate']);
+    }
+    function hasAllowedSkillFieldsForCreate(skill) {
+      return skill.keys().size() == 4 && skill.keys().hasAll(['authorId', 'title', 'summary', 'lastUpdateDate']);
+    }
+    function isValidActivitySkill(activitySkill) {
+      return activitySkill.skillId is string
+        && activitySkill.activityId is string;
+    }
+    function hasAllowedActivitySkillFieldsForUpdate(activitySkill) {
+      return activitySkill.keys().size() == 4 && activitySkill.keys().hasAll(['authorId', 'skillId', 'activityId']);
+    }
+    function hasAllowedActivitySkillFieldsForCreate(activitySkill) {
+      return activitySkill.keys().size() == 3 && activitySkill.keys().hasAll(['authorId', 'skillId', 'activityId']);
+    }
+  }
+}
diff --git a/script/list-grammars b/script/list-grammars
@@ -78,7 +78,7 @@ class GrammarList
         short_url = "eregon/oz-tmbundle"
         long_url  = "https://github.com/eregon/oz-tmbundle"
       else
-        submodule = @submodules[@sources[scope].chomp("/")]
+        submodule = @submodules[(@sources[scope] || scope).chomp("/")]
         next unless submodule
         short_url = submodule[:short]
         long_url  = submodule[:url]

diff --git a/vendor/README.md b/vendor/README.md
@@ -62,6 +62,7 @@ This is a list of grammars that Linguist selects to provide syntax highlighting
 - **CLIPS:** [psicomante/CLIPS-sublime](https://github.com/psicomante/CLIPS-sublime)
 - **Clojure:** [atom/language-clojure](https://github.com/atom/language-clojure)
 - **Closure Templates:** [mthadley/language-closure-templates](https://github.com/mthadley/language-closure-templates)
+- **Cloud Firestore Security Rules:** [jaysquared/atom-firestore-grammar](https://github.com/jaysquared/atom-firestore-grammar)
 - **CMake:** [textmate/cmake.tmbundle](https://github.com/textmate/cmake.tmbundle)
 - **COBOL:** [bitbucket:bitlang/sublime_cobol](https://bitbucket.org/bitlang/sublime_cobol)
 - **CoffeeScript:** [atom/language-coffee-script](https://github.com/atom/language-coffee-script)

diff --git a/vendor/grammars/atom-firestore-grammar b/vendor/grammars/atom-firestore-grammar
diff --git a/vendor/licenses/grammar/atom-firestore-grammar.txt b/vendor/licenses/grammar/atom-firestore-grammar.txt
@@ -0,0 +1,30 @@
+---
+type: grammar
+name: atom-firestore-grammar
+license: mit
+---
+MIT License
+
+applies to:
+       - Grammar Rules, Copyright (c) 2017 Toba Technology
+       - Atom Plugin, Copyright (c) 2017 Jaysquared
+
+Copyright (c) 2017 Jaysquared
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.