Created
October 5, 2017 23:05
-
-
Save rootux/f7a2861b68232f87db21a846d8e382f2 to your computer and use it in GitHub Desktop.
Firestore rules for TEAL based task app
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| service cloud.firestore { | |
| match /databases/{database}/documents { | |
| function isAdmin() { | |
| return exists(/databases/$(database)/documents/admins/$(request.auth.uid)); | |
| } | |
| function isUserAssigneeOrCreator() { | |
| return request.auth.uid == resource.assignee.id | |
| || request.auth.uid == resource.creator.id; | |
| } | |
| match /tasks/{anyTask=**} { | |
| allow read: if request.auth != null; | |
| allow create: if request.auth != null; | |
| allow update: if request.auth != null | |
| && (isUserAssigneeOrCreator() || isAdmin()) ; | |
| allow delete: if request.auth != null | |
| && (isUserAssigneeOrCreator() || isAdmin()) ; | |
| // Auth users can assign themself to task if no one assigned | |
| match /assignee { | |
| allow write: if request.auth != null && request.resource == null; | |
| } | |
| } | |
| match /users/{userId} { | |
| allow read: if request.auth != null; // Auth users can read | |
| allow write: if userId == request.auth.uid; | |
| } | |
| match /admins/{anyAdmin} { | |
| allow read: if false; | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment