-
Notifications
You must be signed in to change notification settings - Fork 0
/
firestore.rules
86 lines (73 loc) · 3.06 KB
/
firestore.rules
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
function isSignedIn () {
return request.auth != null;
}
function can(subject, action, scope) {
return subject + ':' + action + ':' + scope in request.auth.token.capabilities;
}
function canSimple(subject, action) {
return subject + ':' + action in request.auth.token.capabilities
|| can(subject, action, 'all');
}
function isOwner() {
return request.auth.uid == resource.data.uid;
}
function hasAccess(subject, action) {
return isSignedIn() && (canSimple('all', 'manage')
|| canSimple(subject, 'manage')
|| canSimple(subject, action)
|| (can(subject, action, 'own') && isOwner()));
}
match/events/{eventId} {
allow list: if hasAccess('events', 'list');
allow get: if hasAccess('events', 'get');
allow create: if hasAccess('events', 'create');
allow update: if hasAccess('events', 'update');
allow delete: if hasAccess('events', 'delete');
}
match/users/{userId} {
allow list: if hasAccess('users', 'list');
allow get: if hasAccess('users', 'get');
allow create: if hasAccess('users', 'create');
allow update: if hasAccess('users', 'update');
allow delete: if hasAccess('users', 'delete');
}
match/userSecurity/{userSecurityId} {
allow list: if hasAccess('userSecurity', 'list');
allow get: if hasAccess('userSecurity', 'get');
allow create: if hasAccess('userSecurity', 'create');
allow update: if hasAccess('userSecurity', 'update');
allow delete: if hasAccess('userSecurity', 'delete');
}
match/eventparticipants/{eventparticipantsId} {
allow list: if hasAccess('eventparticipants', 'list');
allow get: if hasAccess('eventparticipants', 'get');
allow create: if hasAccess('eventparticipants', 'create');
allow update: if hasAccess('eventparticipants', 'update');
allow delete: if hasAccess('eventparticipants', 'delete');
}
match/roles/{roleId} {
allow list: if hasAccess('roles', 'list');
allow get: if hasAccess('roles', 'get');
allow create: if hasAccess('roles', 'create');
allow update: if hasAccess('roles', 'update');
allow delete: if hasAccess('roles', 'delete');
}
match/userContext/{userId} {
allow list: if hasAccess('userContext', 'list');
allow get: if hasAccess('userContext', 'get');
allow create: if hasAccess('userContext', 'create');
allow update: if hasAccess('userContext', 'update');
allow delete: if hasAccess('userContext', 'delete');
}
match/capabilitiesRoles/{roleId} {
allow list: if hasAccess('capabilitiesRoles', 'list');
allow get: if hasAccess('capabilitiesRoles', 'get');
allow create: if hasAccess('capabilitiesRoles', 'create');
allow update: if hasAccess('capabilitiesRoles', 'update');
allow delete: if hasAccess('capabilitiesRoles', 'delete');
}
}
}