Created
April 13, 2020 15:36
Example of Rules configuration for Firebase/Firestore
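rules_version = '2';

// Firestore security rules: access is limited to signed-in users whose
// verified e-mail address is in the company domain. Members of the admin
// list additionally get read access to other users' data and write access
// to schedulers and projects. Anything not matched by an `allow` below
// (including the `permissions` collection itself) is denied to clients.
service cloud.firestore {
  match /databases/{database}/documents {

    // True when the caller is a company user AND their uid is listed in the
    // `userIds` field of the permissions/admin document.
    // Every evaluation performs a get() on that document; if the document or
    // the field is missing the expression errors and the request is denied.
    function isAdmin() {
      let adminData = get(/databases/$(database)/documents/permissions/admin).data;
      return isCompany() && request.auth.uid in adminData.userIds;
    }

    // True when the caller is signed in with a *verified* address in the
    // company domain.
    //  - request.auth != null makes the unauthenticated case an explicit
    //    `false` instead of relying on an evaluation error.
    //  - email_verified is required because the e-mail claim alone is not
    //    proof of ownership: a sign-in provider that allows self-registration
    //    can issue a token for an address the user never confirmed.
    //  - matches() tests the whole string; the dot is written as [.] so it
    //    only matches a literal "." (a bare "." would accept any character
    //    between "company" and "com").
    function isCompany() {
      return request.auth != null
        && request.auth.token.email_verified == true
        && request.auth.token.email.matches(".*@company[.]com");
    }

    // True when the caller is a company user whose uid equals `userId`
    // (callers pass the document id taken from the matched path).
    function isOwner(userId) {
      return isCompany() && request.auth.uid == userId;
    }

    // True when the caller is a company user and the stored day document
    // carries their uid in its `userId` field.
    function isDayOwner() {
      return isCompany() && request.auth.uid == resource.data.userId;
    }

    // True when a document with id `day` already exists in /days.
    function existsDay(day) {
      return exists(/databases/$(database)/documents/days/$(day));
    }

    // True when the caller is a company user and the stored warning's
    // `email` field equals the e-mail in the caller's token.
    function isWarnOwner() {
      let requestEmail = request.auth.token.email;
      let warningEmail = resource.data.email;
      return isCompany() && requestEmail == warningEmail;
    }

    // True when a document with id `warningId` already exists in /warnings.
    function existsWarn(warningId) {
      return exists(/databases/$(database)/documents/warnings/$(warningId));
    }

    // NOTE(review): in rules version 2 a recursive wildcard can match zero or
    // more path segments, so the nested matches below presumably apply not
    // only to the top-level collections but also to same-named subcollections
    // at any depth (e.g. a `users` collection under some other document).
    // If only top-level collections are intended, remove this wrapper and
    // keep the inner matches directly under /documents. Confirm against the
    // app's data model.
    match /{document=**} {

      // Profile documents keyed by uid: the owner may read and write,
      // admins may read.
      match /users/{userId} {
        allow read: if isOwner(userId) || isAdmin();
        allow write: if isOwner(userId);
      }

      // Time-tracking documents; the document id is compared with the
      // caller's uid, so each user has exactly one document here.
      match /timetrackings/{timetrackingId} {
        allow read: if isOwner(timetrackingId) || isAdmin();
        allow write: if isOwner(timetrackingId);
      }

      // Day documents: readable by the user named in `userId` and by admins.
      // Writes are accepted only while no document with this id exists, so
      // existing days cannot be updated or deleted by clients.
      // NOTE(review): nothing here ties request.resource.data.userId to
      // request.auth.uid, so any company user can create a day document that
      // carries another user's id. Consider also requiring
      // request.resource.data.userId == request.auth.uid.
      match /days/{day} {
        allow read: if isDayOwner() || isAdmin();
        allow write: if isCompany() && !existsDay(day);
      }

      // Schedulers: every company user may read, only admins may write.
      match /schedulers/{scheduler} {
        allow read: if isCompany();
        allow write: if isAdmin();
      }

      // Projects: admin-only for both reads and writes.
      match /projects/{projectId} {
        allow read, write: if isAdmin();
      }

      // Warnings: readable by the user whose e-mail is stored on the warning
      // and by admins. Only `create` is granted, so updates and deletes are
      // denied by default.
      // NOTE(review): the create rule does not constrain
      // request.resource.data.email, so a company user can create a warning
      // addressed to any e-mail. Confirm that this is intended.
      match /warnings/{warningId} {
        allow read: if isWarnOwner() || isAdmin();
        allow create: if isCompany() && !existsWarn(warningId);
      }
    }
  }
}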