firestore.rules
rules_version = '2';

// Access model, as written below: a signed-in caller with a verified e-mail
// may read a project document, and documents up to two collection levels
// beneath it, only when that e-mail appears in the project's `users` field.
// The only write granted anywhere is to the caller's own user_presence
// document. Any path or operation without a matching `allow` is denied.
service cloud.firestore {
  match /databases/{database}/documents {
    match /projects/{project} {

      // Loads the enclosing project document so rules on child paths can
      // consult its `users` field. Every get() counts against the rules
      // document-access limits and is billed as a read, even when the
      // request ends up rejected.
      function getProjectResource() {
        return get(/databases/$(database)/documents/projects/$(project));
      }

      // True only for an authenticated caller whose ID token carries a truthy
      // email_verified claim. The null check comes first so the token is not
      // dereferenced for unauthenticated requests.
      function isEmailVerified() {
        return request.auth != null && request.auth.token.email_verified;
      }

      // Membership test of the caller's e-mail against the project's `users`
      // field (`in` works on list elements or map keys; the shape of `users`
      // is not visible here).
      // NOTE(review): the match is exact, so confirm how addresses are
      // normalised (letter case) when they are stored in `users`.
      function isUserListed(projectDoc) {
        return request.auth.token.email in projectDoc.data.users;
      }

      // Full authorisation predicate. The verified-e-mail check is evaluated
      // before the membership test, which reads request.auth.token.email.
      function isUserAllowed(projectDoc) {
        return isEmailVerified() && isUserListed(projectDoc);
      }

      // Project document itself: `resource` is the stored document being
      // read, so membership is checked against the data already in Firestore.
      // `read` covers both get and list; a list query must be constrained so
      // every result satisfies this rule, or the whole query is rejected.
      allow read: if isUserAllowed(resource);

      // Presence documents are keyed by e-mail address. Members may read any
      // of them, but may write (create, update, delete) only the one whose id
      // equals their own token e-mail.
      // NOTE(review): nothing here constrains request.resource.data, so a
      // listed user can store arbitrary fields in their own presence
      // document; consider validating the expected fields and their types.
      match /user_presence/{user} {
        allow read: if isUserAllowed(getProjectResource());
        allow write: if isUserAllowed(getProjectResource()) && request.auth.token.email == user;
      }

      // Any first-level subcollection document of the project is readable by
      // members. This wildcard also matches user_presence/{user}; overlapping
      // matches are OR-ed, and the read condition is identical, so it widens
      // nothing. No write is granted here.
      match /{collection}/{docId} {
        allow read: if isUserAllowed(getProjectResource());

        // Second-level documents are readable by members except those nested
        // under tables/uuid-table. The tables/uuid-table document itself
        // still matches the rule above and stays readable.
        // NOTE(review): confirm that exposing the parent document is
        // intended. Paths three or more collections deep match no rule here
        // and are therefore denied.
        match /{nestedCollection}/{nestedDocId} {
          allow read: if
            isUserAllowed(getProjectResource()) &&
            !(collection == "tables" && docId == "uuid-table");
        }
      }
    }
  }
}