darwin-morocho/firestore_security_rules.md

## firestore_security_rules.md

      
    Raw
  

              firestore_security_rules.md
            
          
    Ejemplos de datos en Firestore
Colección users:
{
  "id": "uid1234",
  "username": "johndoe",
  "email": "johndoe@example.com",
  "photoUrl": "https://example.com/photo.jpg"
}

{
  "id": "uid5678",
  "username": "janedoe",
  "email": "janedoe@example.com"
}
Colección friendships:
{
  "id": "friendship1234",
  "users": ["uid1234", "uid5678"],
  "sender": "uid1234",
  "status": "active",
  "createdAt": "2023-11-14T10:00:00Z",
  "updatedAt": "2023-11-14T18:25:00Z"
}

{
  "id": "friendship5678",
  "users": ["uid5678", "uid9876"],
  "sender": "uid9876",
  "status": "pending",
  "createdAt": "2023-11-14T12:34:56Z"
}
Colección alerts:
{
  "id": "alert1234",
  "sender": "uid1234",
  "recipient": "uid5678",
  "createdAt": "2023-11-14T18:23:45Z"
}

{
  "id": "alert5678",
  "sender": "uid5678",
  "recipient": "uid1234",
  "createdAt": "2023-11-14T18:25:00Z"
}
Ejemplo de visualización:
Firestore:

users:
  - uid1234: {username: "johndoe", email: "johndoe@example.com", ...}
  - uid5678: {username: "janedoe", email: "janedoe@example.com", ...}

alerts:
  - alert1234: {sender: uid1234, recipient: uid5678, ...}
  - alert5678: {sender: uid5678, recipient: uid1234, ...}

friendships:
  - friendship1234: {users: [uid1234, uid5678], sender: uid1234, status: "active", ...}
  - friendship5678: {users: [uid5678, uid9876], status: "pending", ...}

Reglas

Default

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if false;
    }
  }
}

Permisos

read
write // create, update, delete
create
update
delete

Custom


rules_version = '2';

service cloud.firestore {
  match /databases/{database}/documents {
      
      // retorna el id del usuario autenticado
      function uid(){
        return request.auth.uid;
      }
      
      function requestData(){
        return request.resource.data;
      }
  
			match /users/{userId} {
        allow read;
        allow create: if request.auth != null && uid() == userId ;
        allow update: if uid() == userId && !("id" in requestData());
      }
      
      match /friendships/{friendshipId} {
        allow read: if request.auth.uid != null;
        allow create: if requestData().sender == uid() && uid() in requestData().users;
        allow update: if uid() in resource.data.users &&  !("users" in requestData()) && !("sender" in requestData()) && ("status" in requestData());
      }
      
      match /alerts/{alertId} {
       allow read: if resource.data.sender == uid() ||  resource.data.recipient == uid();
       allow create: if requestData().sender == uid() && requestData().sender != requestData().recipient;
      }
  }
}