Some Firestore security rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Per-user documents: only the signed-in user whose uid equals the
    // document id may read or write. `write` covers create, update and
    // delete, and nothing here validates which fields are written.
    // NOTE(review): if this document ever holds fields a client must not set
    // for itself (role, plan, billing state, ...), add field-level checks.
    match /users/{uid} {
      allow read, write: if isUser(uid);
    }
    match /items/{id} {
      // `read` covers both get and list, so every item is readable and the
      // whole collection is enumerable by anyone, signed in or not.
      allow read: if true;
      //allow read: if isOwner(); // Would restrict reads to owner
      // Only the owner recorded on the stored document may delete it.
      allow delete: if isOwner();
      // The caller must own the stored document AND still be the owner in the
      // document as it would exist after the write, so a client cannot hand
      // ownership to another uid. Other fields are not validated.
      allow update: if isOwner() && willBeOwner();
      // A new item must name the caller as its owner; the `owner` field is the
      // only thing checked on create.
      allow create: if willBeOwner();
    }
    // Paths not matched above have no allow statement and are therefore denied.
  }
}
// Helper functions that simplify our rules | |
// Check if user has the specified uid.
// True only when the request is authenticated and the authenticated uid
// equals `uid`. The isSignedIn() check is evaluated first, so the uid
// comparison is only reached for signed-in callers.
function isUser(uid) {
  return isSignedIn() && request.auth.uid == uid;
}
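// Check if user is signed in.
// request.auth is null for unauthenticated requests, so test the auth object
// itself. Reading `.uid` from a null auth object raises an evaluation error;
// that still fails to grant access, but it only denies by accident and would
// behave unexpectedly if this helper were ever combined with `||`.
function isSignedIn() {
  return request.auth != null;
}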
// Check if user matches current data owner.
// Compares the caller with the `owner` field of the document as it is stored
// now, so the decision is based on server-side data the request cannot alter.
// Not usable for create: there is no stored document yet.
function isOwner(){
  return isUser(currentData().owner);
}
// Check if user matches future data owner (if write completes).
// Compares the caller with the `owner` field of the document as it would
// exist after the write. A write whose resulting document has no `owner`
// field cannot satisfy this check.
function willBeOwner(){
  return isUser(incomingData().owner);
}
// Get data being read.
// Returns the fields of the document currently stored at the matched path
// (the state before any pending write is applied).
function currentData() {
  return resource.data;
}
// Get data being written (merged with current data).
// Returns the fields of the document as it would look if the write succeeds.
// These values are client-supplied and must be validated, not trusted.
function incomingData() {
  return request.resource.data;
}