-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfirestore.rules
36 lines (31 loc) · 1.58 KB
/
firestore.rules
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /users/{userUid} {
allow get, delete: if request.auth.uid == userUid;
// Ensure that the userUid field of the created document equals the authenticated user uid.
allow create, update: if request.auth.uid == userUid && request.auth.uid == request.resource.data.userUid;
match /devices/{deviceId} {
allow get, delete: if request.auth.uid == userUid;
allow create, update: if request.auth.uid == userUid;
// Need to filter data while reading, see https://firebase.google.com/docs/firestore/security/rules-query
match /location-measurements/{locId} {
allow get, delete: if request.auth.uid == userUid || (get(/databases/$(database)/documents/users/$(userUid)).data.
authorizedUsers.hasAny([request.auth.uid])
);
allow list: if request.auth.uid == userUid || (get(/databases/$(database)/documents/users/$(userUid)).data.
authorizedUsers.hasAny([request.auth.uid])
) && request.query.limit <= 8640;
// Ensure that the createdByUid field of the created document equals the authenticated user uid.
allow create: if request.auth.uid == userUid;
}
match /logs/{logId} {
allow get, delete: if request.auth.uid == userUid;
allow list: if request.auth.uid == userUid && request.query.limit <= 8640;
// Ensure that the createdByUid field of the created document equals the authenticated user uid.
allow create: if request.auth.uid == userUid;
}
}
}
}
}