forked from PivotalExpert/pivotalexpert
/
database.rules.json
43 lines (43 loc) · 1.04 KB
/
database.rules.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
{
"rules": {
// Public read access for those data needed to display user profile
// Auth user have read access to all
// Auth user have write access to their own profile, log and analytics node
// admin have write access to all
"analytics" : {
".write" : "auth != null"
},
"auth": {
"admin" : {
//need to be changed to main admin only
".write" : "auth != null"
},
"users" : {
"$uid" : {
".read": true,
".write": "$uid === auth.uid"
}
},
"usedLinks" : {
".read": true,
".write" : "auth != null"
}
},
"library" : {
".read" : true
},
"signinLogs" : {
"$uid" : {
".write" : "$uid == auth.uid"
}
},
"userProfiles" : {
".read" : true,
"$uid" : {
".write" : "$uid == auth.uid "
}
},
".read": "auth != null",
".write": "auth != null && (auth.uid == root.child('auth/admin/admin').val() || root.child('auth/admin/subAdmins/' + auth.uid).exists())"
}
}