-
Notifications
You must be signed in to change notification settings - Fork 4.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add support for Cloud Firestore Security Rules (#4120)
* Add samples and language definition for Firestore Rules * Add grammar module and also fix the list-updating bug * Generate a unique language ID * Fix failing test reminders and update lists
- Loading branch information
Showing
8 changed files
with
153 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
106 changes: 106 additions & 0 deletions
106
samples/Cloud Firestore Security Rules/filenames/firestore.rules
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,106 @@ | ||
service cloud.firestore { | ||
match /databases/{database}/documents { | ||
match /activities/{activity} { | ||
|
||
allow create: if isSignedIn() | ||
&& isOwner(incomingData().authorId) | ||
&& isValidActivity(incomingData()) | ||
&& hasAllowedActivityFieldsForCreate(incomingData()); | ||
|
||
allow read, delete: if isSignedIn() | ||
&& isOwner(existingData().authorId); | ||
|
||
allow update: if isSignedIn() | ||
&& isOwner(existingData().authorId) | ||
&& isValidActivity(incomingData()) | ||
&& hasAllowedActivityFieldsForUpdate(incomingData()); | ||
|
||
} | ||
match /skills/{skill} { | ||
|
||
allow create: if isSignedIn() | ||
&& isOwner(incomingData().authorId) | ||
&& isValidSkill(incomingData()) | ||
&& hasAllowedSkillFieldsForCreate(incomingData()); | ||
|
||
allow read, delete: if isSignedIn() | ||
&& isOwner(existingData().authorId); | ||
|
||
allow update: if isSignedIn() | ||
&& isOwner(existingData().authorId) | ||
&& isValidSkill(incomingData()) | ||
&& hasAllowedSkillFieldsForUpdate(incomingData()); | ||
|
||
} | ||
match /activities-skills/{activitySkill} { | ||
|
||
allow create: if isSignedIn() | ||
&& isOwner(incomingData().authorId) | ||
&& isValidActivitySkill(incomingData()) | ||
&& hasAllowedActivitySkillFieldsForCreate(incomingData()); | ||
|
||
allow read, delete: if isSignedIn() | ||
&& isOwner(existingData().authorId); | ||
|
||
allow update: if isSignedIn() | ||
&& isOwner(existingData().authorId) | ||
&& isValidActivitySkill(incomingData()) | ||
&& hasAllowedActivitySkillFieldsForUpdate(incomingData()); | ||
|
||
} | ||
/// Functions /// | ||
function isSignedIn() { | ||
return request.auth != null; | ||
} | ||
function isOwner(userId) { | ||
return request.auth.uid == userId; | ||
} | ||
function existingData() { | ||
return resource.data; | ||
} | ||
function incomingData() { | ||
return request.resource.data; | ||
} | ||
function isValidActivity(activity) { | ||
return activity.title is string | ||
&& activity.title.size() > 3 | ||
&& activity.title.size() < 250 | ||
&& activity.summary is string | ||
&& (activity.audienceCountMin is int || activity.audienceCountMin == null) | ||
&& (activity.audienceCountMax is int || activity.audienceCountMax == null) | ||
&& (activity.audienceAgeMin is int || activity.audienceAgeMin == null) | ||
&& (activity.audienceAgeMax is int || activity.audienceAgeMax == null) | ||
&& activity.lastUpdateDate.date() is timestamp; | ||
} | ||
function hasAllowedActivityFieldsForUpdate(activity) { | ||
return activity.keys().size() == 9 && activity.keys().hasAll(['authorId', 'title', 'summary', 'audienceCountMin', 'audienceCountMax', 'audienceAgeMin', 'audienceAgeMax', 'lastUpdateDate']); | ||
} | ||
function hasAllowedActivityFieldsForCreate(activity) { | ||
return activity.keys().size() == 8 && activity.keys().hasAll(['authorId', 'title', 'summary', 'audienceCountMin', 'audienceCountMax', 'audienceAgeMin', 'audienceAgeMax', 'lastUpdateDate']); | ||
} | ||
|
||
function isValidSkill(skill) { | ||
return skill.title is string | ||
&& skill.title.size() > 3 | ||
&& skill.title.size() < 250 | ||
&& skill.summary is string | ||
&& skill.lastUpdateDate.date() is timestamp; | ||
} | ||
function hasAllowedSkillFieldsForUpdate(skill) { | ||
return skill.keys().size() == 5 && skill.keys().hasAll(['authorId', 'title', 'summary', 'lastUpdateDate']); | ||
} | ||
function hasAllowedSkillFieldsForCreate(skill) { | ||
return skill.keys().size() == 4 && skill.keys().hasAll(['authorId', 'title', 'summary', 'lastUpdateDate']); | ||
} | ||
function isValidActivitySkill(activitySkill) { | ||
return activitySkill.skillId is string | ||
&& activitySkill.activityId is string; | ||
} | ||
function hasAllowedActivitySkillFieldsForUpdate(activitySkill) { | ||
return activitySkill.keys().size() == 4 && activitySkill.keys().hasAll(['authorId', 'skillId', 'activityId']); | ||
} | ||
function hasAllowedActivitySkillFieldsForCreate(activitySkill) { | ||
return activitySkill.keys().size() == 3 && activitySkill.keys().hasAll(['authorId', 'skillId', 'activityId']); | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Submodule atom-firestore-grammar
added at
78ed1f
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
--- | ||
type: grammar | ||
name: atom-firestore-grammar | ||
license: mit | ||
--- | ||
MIT License | ||
|
||
applies to: | ||
- Grammar Rules, Copyright (c) 2017 Toba Technology | ||
- Atom Plugin, Copyright (c) 2017 Jaysquared | ||
|
||
Copyright (c) 2017 Jaysquared | ||
|
||
Permission is hereby granted, free of charge, to any person obtaining a copy | ||
of this software and associated documentation files (the "Software"), to deal | ||
in the Software without restriction, including without limitation the rights | ||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
copies of the Software, and to permit persons to whom the Software is | ||
furnished to do so, subject to the following conditions: | ||
|
||
The above copyright notice and this permission notice shall be included in all | ||
copies or substantial portions of the Software. | ||
|
||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | ||
SOFTWARE. |