firebase.rules
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
// Reads the calling user's own document (users/{request.auth.uid}) and
// returns its data map. Every call performs a get(). If request.auth is
// null (anonymous request) the path expression raises, and an error in a
// rule condition denies the request; the same is believed to happen when
// no such user document exists (the .data access fails) — confirm in the
// emulator.
function getUserData() {
return get(/databases/$(database)/documents/users/$(request.auth.uid)).data;
}
// True when the value is present (not null). Building block for the type
// checks below. Note this only handles null: reading a field that is absent
// from a map raises before this is called, so guard map fields with
// `'key' in map` first.
function isDefined(what) {
  return !(what == null);
}
// True when the value is a non-null timestamp.
function isTimestamp(what) {
  return what != null && what is timestamp;
}
// True when the value is a non-null string.
function isString(what) {
  return what != null && what is string;
}
// True when the value is a non-null list.
function isList(what) {
  return what != null && what is list;
}
// True when the value is a non-null map.
function isMap(what) {
  return what != null && what is map;
}
// True when the value is a non-null boolean.
function isBool(what) {
  return what != null && what is bool;
}
// True when the request carries an authenticated identity (request.auth is
// null for anonymous requests).
function isLoggedIn() {
  return request.auth != null;
}
// Ownership by document id: the caller is signed in and their uid equals the
// id of the document `what` (a Resource). Used where the document id is the
// user's uid — users/{user} and reactions/{reaction}.
function doesOwn(what) {
  return isLoggedIn() && what != null && what.id == request.auth.uid;
}
// Authorship: the caller is signed in and their uid equals the `authorID`
// field of `what` (a Resource; read through .data). If the document has no
// authorID field the access raises and the request is denied.
function isAuthorOf(what) {
  return isLoggedIn() && what != null && what.data.authorID == request.auth.uid;
}
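// Membership in the document `what` (a Resource, e.g. a chat room): the
// caller is signed in and either the document has no `members` list (field
// absent or null) or the caller's uid is in it.
// Fix: `what.data.members` was read unguarded; reading an absent map field
// raises in the rules language, so as far as I can tell the "no members"
// branch could never be taken and member-less rooms were denied. The field
// is now tested for presence first. Be aware that a document without a
// `members` field is readable by every signed-in user — require the field
// in validation if rooms are meant to be private by default.
function isMemberOf(what) {
  return isDefined(what)
    && isLoggedIn()
    && (!('members' in what.data)
        || !isDefined(what.data.members)
        || request.auth.uid in what.data.members);
}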
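// Admin rights over `what` (a Resource): either the caller's own user
// document carries admin == true (global admin), or the caller is a member
// of `what` and listed in its `admins` list.
// Changes: the signed-in guard now comes first, so getUserData() (a get())
// is not issued for anonymous requests — they were denied via an evaluation
// error before and are plainly false now; the redundant isDefined(what) is
// dropped because isMemberOf already checks it; `admins` is tested for
// presence before indexing so an absent field is a plain false rather than
// an error (both deny).
function isAdminOf(what) {
  return isLoggedIn()
    && (getUserData().admin == true
        || (isMemberOf(what)
            && 'admins' in what.data
            && request.auth.uid in what.data.admins));
}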
// Shape check for a message or comment map `mc`: authorID string, createdOn
// timestamp, text_content string. Reading a missing field raises and denies,
// so all three are effectively required. Additional fields are not
// restricted, and on update createdOn is not pinned to the stored value
// (authorID is, via isAuthorOf in the callers).
function isValidMessageOrComment(mc) {
  return isString(mc.authorID) && isTimestamp(mc.createdOn) && isString(mc.text_content);
}
// Global admins (admin == true on their own user document) may read and
// write anything in the database. This wildcard overlaps every other match,
// so getUserData() may be fetched for any request. A missing `admin` field
// or user document raises and denies; a non-boolean value is simply false.
match /{document=**} {
  allow read, write: if getUserData().admin == true;
}
match /chat_rooms/{chat_room} {
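// Shape check for a chat room map `cr`: name string, admins list, and an
// optional members list (absent or null means "no member restriction", see
// isMemberOf). Extra fields are not restricted.
// Fix: `cr.members` was read before checking that it exists; reading an
// absent map field raises in the rules language, so a room written without
// `members` was rejected instead of being accepted as optional.
function isValidChatRoom(cr) {
  return isString(cr.name)
    && (!('members' in cr) || !isDefined(cr.members) || isList(cr.members))
    && isList(cr.admins);
}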
// Fetches the enclosing chat room and returns the Resource itself (not its
// .data map), so it can be passed straight to isMemberOf / isAdminOf, which
// read `.data` on their argument. Each call is a separate get().
function getChatRoomData() {
return get (/databases/$(database)/documents/chat_rooms/$(chat_room));
}
// Room documents. Members may read. Creating a room requires the caller to
// be both a member and an admin of the proposed room (global admins
// included via isAdminOf) and the room to validate. Updating requires admin
// rights on both the stored and the proposed document, so a room admin
// cannot drop their own admin entry in the same write. Only admins delete.
allow read: if isMemberOf(resource);
allow create: if isAdminOf(request.resource) && isMemberOf(request.resource) && isValidChatRoom(request.resource.data);
allow update: if isAdminOf(resource) && isAdminOf(request.resource) && isValidChatRoom(request.resource.data);
allow delete: if isAdminOf(resource);
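// Messages in a room: members read and post, an author edits their own
// messages, room admins or the author delete. Each rule re-reads the room
// via getChatRoomData().
// Fix: create did not tie `authorID` to the caller, so any room member could
// post a message attributed to another user; it now requires isAuthorOf on
// the proposed document, matching the comments rules under /posts.
match /messages/{message} {
  allow read: if isMemberOf(getChatRoomData());
  allow create: if isMemberOf(getChatRoomData()) && isAuthorOf(request.resource) && isValidMessageOrComment(request.resource.data);
  allow update: if isMemberOf(getChatRoomData()) && isAuthorOf(resource) && isAuthorOf(request.resource) && isValidMessageOrComment(request.resource.data);
  allow delete: if isAdminOf(getChatRoomData()) || isAuthorOf(resource);
}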
}
match /posts/{post} {
// Shape check for a post map: authorID string and createdOn timestamp are
// required (a missing field raises and denies); media_url and text_content
// are optional and, when present and non-null, must be strings. Nothing
// requires at least one of the two bodies, and extra fields are allowed.
function isValidPost(post) {
  return isString(post.authorID)
    && isTimestamp(post.createdOn)
    && (!('media_url' in post) || post.media_url == null || isString(post.media_url))
    && (!('text_content' in post) || post.text_content == null || isString(post.text_content));
}
// Fetches the enclosing post and returns its data map (.data) — unlike
// getChatRoomData above, which returns the Resource. Helpers that read
// `what.data` (isAuthorOf, isMemberOf, isAdminOf) must therefore not be
// handed this value; read fields such as .authorID from it directly. Each
// call is a separate get().
function getPostData() {
return get(/databases/$(database)/documents/posts/$(post)).data;
}
// Post documents: any signed-in user reads; a post is created and updated
// only by its author (isAuthorOf on both stored and proposed document keeps
// authorID from being reassigned) and must validate; only the author deletes.
allow read: if isLoggedIn();
allow create: if isAuthorOf(request.resource) && isValidPost(request.resource.data);
allow update: if isAuthorOf(resource) && isAuthorOf(request.resource) && isValidPost(request.resource.data);
allow delete: if isAuthorOf(resource);
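// Comments on a post: any signed-in user reads and comments as themselves;
// only the comment's author edits it; the comment's author or the post's
// author may delete.
// Fix: delete passed getPostData() — a data map — to isAuthorOf, which reads
// `what.data.authorID`; that access raises on a map, so as far as I can
// tell the post-author branch never granted. The uid is now compared with
// the post's authorID directly.
match /comments/{comment} {
  allow read: if isLoggedIn();
  allow create: if isAuthorOf(request.resource) && isValidMessageOrComment(request.resource.data);
  allow update: if isAuthorOf(resource) && isAuthorOf(request.resource) && isValidMessageOrComment(request.resource.data);
  allow delete: if isAuthorOf(resource) || (isLoggedIn() && getPostData().authorID == request.auth.uid);
}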
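// Reactions to a post, keyed by the reacting user's uid (doesOwn compares the
// document id with request.auth.uid), so each user holds one reaction per
// post.
// Fix: isValidReaction was defined but never applied, so `type` (and the
// rest of the document) was unconstrained on create and update; both now
// require it.
match /reactions/{reaction} {
  // `type` must be a string and one of the two known values.
  function isValidReaction(reaction) {
    return isString(reaction.type) && reaction.type in ['LIKE', 'DISLIKE'];
  }
  allow read: if isLoggedIn();
  allow create: if doesOwn(request.resource) && isValidReaction(request.resource.data);
  allow update: if doesOwn(request.resource) && doesOwn(resource) && isValidReaction(request.resource.data);
  allow delete: if doesOwn(resource);
}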
}
match /users/{user} {
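// Shape check for a user profile map `user`. The `admin` flag is the basis of
// the global-admin checks (getUserData().admin), and it lives on a document
// the user themselves may write, so it is guarded here: only a stored
// document that already has admin == true may carry any admin value; every
// other write must set admin == false explicitly. displayName and
// profile_picture_url are required strings; background_picture_url,
// birthday and hobbies are optional (absent or null, else string /
// timestamp / list). Extra fields are not restricted.
// Change: on create there is no stored document, and the original relied on
// `resource.data.admin` raising to fall through to the second branch; the
// stored-document test is now explicit (resource present, field present,
// equal to true), so that fall-through is a plain false with the same
// outcome.
function isValidUser(user) {
  return ((isDefined(resource) && 'admin' in resource.data && resource.data.admin == true)
          || (isBool(user.admin) && user.admin == false))
    && (!('background_picture_url' in user) || !isDefined(user.background_picture_url) || isString(user.background_picture_url))
    && (!('birthday' in user) || !isDefined(user.birthday) || isTimestamp(user.birthday))
    && isString(user.displayName)
    && (!('hobbies' in user) || !isDefined(user.hobbies) || isList(user.hobbies))
    && isString(user.profile_picture_url);
}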
// User documents: any signed-in user reads every profile; a user creates and
// updates only the document whose id is their own uid, and the document
// must pass isValidUser (which is what keeps a non-admin from setting
// admin == true). There is no delete rule, so deletion is denied for
// everyone except global admins via the /{document=**} match.
allow read: if isLoggedIn();
allow create: if doesOwn(request.resource) && isValidUser(request.resource.data);
allow update: if doesOwn(resource) && doesOwn(request.resource) && isValidUser(request.resource.data);
}
}
}