This repository has been archived by the owner on Aug 25, 2018. It is now read-only.
Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
firefeed/rules.json
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
77 lines (77 sloc)
2.63 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "rules": { | |
| // All data is readable by anyone. | |
| ".read": true, | |
| "people": { | |
| // A list of users with their names on the site. | |
| "$userid": { | |
| // Only the user can write their own entry into this list. | |
| ".write": "$userid ==auth.uid" | |
| } | |
| }, | |
| "users": { | |
| "$userid": { | |
| // The user is allowed to write everything in their bucket. | |
| ".write": "$userid ==auth.uid", | |
| "following": { | |
| // The following list should only contain actual ids from the "people" list. | |
| "$followingid": { | |
| ".validate": "root.child('people').hasChild($followingid)" | |
| } | |
| }, | |
| "followers": { | |
| // Anyone can add themself to to this user's followers list. | |
| "$followerid": { | |
| ".write": "$followerid ==auth.uid" | |
| } | |
| }, | |
| "feed": { | |
| "$sparkid": { | |
| // User A can write in user B's feed, but only if A is following B, and only for sparks for which they are the author. | |
| ".write": "root.child('users/' + $userid + '/following').hasChild(auth.uid) && root.child('sparks/' + $sparkid + '/author').val() ==auth.uid" | |
| } | |
| } | |
| } | |
| }, | |
| "sparks": { | |
| // A global list of sparks (the "firehose"). | |
| "$sparkid": { | |
| // Modifying an existing spark is not allowed. | |
| ".write": "!data.exists()", | |
| // Every spark should have an author and a body. | |
| ".validate": "newData.hasChildren(['author', 'content'])", | |
| // A user can attribute a spark only to themselves. | |
| "author": { | |
| ".validate": "newData.val() ==auth.uid" | |
| }, | |
| "content": { | |
| ".validate": "newData.isString()" | |
| } | |
| } | |
| }, | |
| "recent-users": { | |
| // Users can add themselves to the list of users with recent activity. | |
| "$userid": { | |
| ".write": "$userid ==auth.uid" | |
| } | |
| }, | |
| "recent-sparks": { | |
| // Authors of sparks can add their sparks to this list. | |
| "$sparkid": { | |
| ".write": "root.child('sparks/' + $sparkid + '/author').val() ==auth.uid" | |
| } | |
| }, | |
| "search": { | |
| "firstName": { | |
| "$searchKey": { | |
| ".write": "auth != null && (root.child('people/' +auth.uid + '/firstName').val() + '|' + root.child('people/' +auth.uid + '/lastName').val() + '|' +auth.uid) == $searchKey && newData.val() ==auth.uid" | |
| } | |
| }, | |
| "lastName": { | |
| "$searchKey": { | |
| ".write": "auth != null && (root.child('people/' +auth.uid + '/lastName').val() + '|' + root.child('people/' +auth.uid + '/firstName').val() + '|' +auth.uid) == $searchKey && newData.val() ==auth.uid" | |
| } | |
| } | |
| } | |
| } | |
| } |