Skip to content

Instantly share code, notes, and snippets.

@danahartweg

danahartweg/firestore.rules

Last active October 19, 2019 20:54
Show Gist options
  • Save danahartweg/4444c6fa656d0856922acf4a0db816cd to your computer and use it in GitHub Desktop.
Save danahartweg/4444c6fa656d0856922acf4a0db816cd to your computer and use it in GitHub Desktop.
Download ZIP
Firestore rules - Unit testing Cloud Firestore
Raw
firestore.rules
service cloud.firestore {
match /databases/{database}/documents {
// GENERIC //
function hasRoleForResource(targetResource, targetRoles) {
return targetResource.data.role in targetRoles;
}
// USERS //
function isAuthenticated() {
return request.auth != null;
}
function getUserResource(userId) {
return get(/databases/$(database)/documents/users/$(userId));
}
// HOMESTEAD //
function getHomesteadMemberPath(homesteadId) {
return /databases/$(database)/documents/homesteads/$(homesteadId)/members/$(request.auth.uid);
}
function getHomesteadMembershipResource(homesteadId) {
return get(getHomesteadMemberPath(homesteadId));
}
function hasHomesteadAccess(homesteadId) {
return exists(getHomesteadMemberPath(homesteadId));
}
// ROUTES //
match /{document=**} {
allow read, write: if false;
}
match /homesteads/{homesteadId} {
allow read: if hasHomesteadAccess(homesteadId);
allow update: if hasRoleForResource(getHomesteadMembershipResource(homesteadId), ['owner']);
allow create: if getUserResource(request.auth.uid).data.ownedHomestead == '';
}
match /users/{userId} {
allow read, update: if request.auth.uid == userId;
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment