
@xar
Created November 7, 2022 15:23
Storage rules exception
// https://firebase.google.com/docs/reference/security/storage
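rules_version = '2';

// Access rules for the Cloud Storage bucket. Objects under /workspace are
// authorised against the Firestore document named by the path; every other
// top-level folder is treated as a per-user area named after the owner's uid.
service firebase.storage {
  match /b/{bucket}/o {

    // True when the request carries no incoming object, or the incoming object
    // is smaller than 10 MB. `request.resource` describes the file being
    // uploaded, so this check belongs on write rules only; it is not used on
    // reads. The null guard keeps deletes (which upload nothing) from failing
    // the size test.
    // NOTE(review): confirm in the emulator that request.resource is null on delete.
    function checkFileSize() {
      return request.resource == null
        || request.resource.size < 10 * 1024 * 1024; // 10MB file size limit
    }

    // Read access to a resource's files: granted only when the Firestore
    // document /<resourceType>/<resourceId> has readGroupId == 'INTERNET'.
    // No authentication is required on this branch, so such files are public.
    // The group document is not consulted for reads, so it is not fetched
    // (each firestore.get is a billed cross-service read).
    // NOTE(review): members and owners get no read access to non-INTERNET
    // resources through this rule — confirm that is intended.
    function hasPermissionToReadResource(resourceType, resourceId) {
      let remoteDocument = firestore.get(/databases/(default)/documents/$(resourceType)/$(resourceId)).data;
      return remoteDocument.readGroupId == 'INTERNET';
    }

    // Write access to a resource's files: the caller must be signed in and be
    // entitled through at least one of: a groupIds custom claim containing the
    // document's updateGroupId, membership of that group, ownership, an explicit
    // update permission, or being listed as the WORK assignee.
    function hasPermissionToWriteResource(resourceType, resourceId) {
      let remoteDocument = firestore.get(/databases/(default)/documents/$(resourceType)/$(resourceId)).data;
      // The whole field access must sit inside $(...); `$(remoteDocument).updateGroupId`
      // interpolates the map itself and does not produce a valid group path.
      let group = firestore.get(/databases/(default)/documents/group/$(remoteDocument.updateGroupId)).data;
      // NOTE(review): each branch dereferences fields that may be absent on a
      // given document (permissionByKey.update, properties.WORK.assignee.value);
      // verify in the emulator how a missing field affects the other branches.
      return request.auth != null && (
        remoteDocument.updateGroupId in request.auth.token.groupIds ||
        request.auth.uid in group.members ||
        remoteDocument.ownerId == request.auth.uid ||
        request.auth.uid in remoteDocument.permissionByKey.update ||
        request.auth.uid in remoteDocument.properties.WORK.assignee.value
      );
    }

    // Workspace files: authorisation is delegated to the Firestore document
    // whose id is taken from the object path.
    match /workspace/{resourceId}/{file} {
      allow read: if hasPermissionToReadResource('workspace', resourceId);
      allow write: if checkFileSize() &&
        hasPermissionToWriteResource('workspace', resourceId);
    }

    // user files, only accessible by the same user
    // This wildcard also matches paths that start with /workspace, and a
    // request is allowed as soon as any matching rule allows it. Excluding the
    // reserved folder name keeps the workspace rule above as the only gate for
    // that tree.
    match /{userId}/{path=**} {
      allow read: if request.auth != null
        && userId != 'workspace'
        && request.auth.uid == userId;
      allow write: if request.auth != null
        && userId != 'workspace'
        && request.auth.uid == userId
        && checkFileSize();
    }
  }
}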