mirror of
https://github.com/rowyio/rowy.git
synced 2025-12-16 11:47:50 +01:00
37 lines
1.2 KiB
Plaintext
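rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Admins and owners may read and write every document in the database.
    // Firestore rules are additive: a request is allowed as soon as any
    // matching `allow` grants it. The narrower rules below can therefore only
    // widen access; they never restrict what this rule already permits.
    match /{document=**} {
      allow read, write: if hasAnyRole(["ADMIN", "OWNER"]);
    }

    // Rowy: Allow signed-in users holding at least one role to read Rowy
    // configuration, and admins/owners to write it.
    // The read condition dereferences request.auth.token.roles directly; for
    // an unauthenticated request or a token without a `roles` claim the
    // expression errors, and an erroring condition denies the request.
    match /_rowy_/{docId} {
      allow read: if request.auth.token.roles.size() > 0;
      allow write: if hasAnyRole(["ADMIN", "OWNER"]);
      // Same policy for everything nested below /_rowy_/{docId}.
      // NOTE: this subtree includes /_rowy_/userManagement/users/{userId},
      // so any role holder can read every user's settings document, not
      // only their own. Keep secrets out of those documents.
      match /{document=**} {
        allow read: if request.auth.token.roles.size() > 0;
        allow write: if hasAnyRole(["ADMIN", "OWNER"]);
      }
    }
    // Rowy: Allow users to edit their own settings document.
    // There is no field-level validation here: the owner can change or delete
    // any field. If authorization-relevant data is ever stored in this
    // document, restrict the writable fields.
    match /_rowy_/userManagement/users/{userId} {
      allow get, update, delete: if isDocOwner(userId);
      // A user may create only the document keyed by their own uid.
      // Previously any signed-in user could create a settings document under
      // another user's ID. Admins/owners can still create any document
      // through the catch-all rule at the top.
      allow create: if request.auth != null && request.auth.uid == userId;
    }
    // Rowy: Allow public to read public Rowy configuration.
    // This is readable without authentication, so store only non-sensitive
    // values here. Only `get` is granted; list queries are not.
    match /_rowy_/publicSettings {
      allow get: if true;
    }

    // Rowy: Utility functions

    // True when the caller is signed in and their uid equals either the ID of
    // the existing document (`resource.id`) or the `docId` passed in.
    function isDocOwner(docId) {
      return request.auth != null && (request.auth.uid == resource.id || request.auth.uid == docId);
    }
    // True when the caller is signed in and the `roles` claim on their auth
    // token contains at least one of the given role names.
    function hasAnyRole(roles) {
      return request.auth != null && request.auth.token.roles.hasAny(roles);
    }
  }
}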