-
Notifications
You must be signed in to change notification settings - Fork 15
/
firestore.rules
69 lines (60 loc) · 3.46 KB
/
firestore.rules
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
function isGroupAdmin(conversationId){
return resource.data["group"] != null
&& request.auth.uid in resource.data["group"]["adminUids"];
}
function itemRemovedFromArray(arrayFieldName, removedItem) {
return resource.data[arrayFieldName].size() - 1 == request.resource.data[arrayFieldName].size()
&& resource.data[arrayFieldName].removeAll(request.resource.data[arrayFieldName])[0] == removedItem;
}
function messageUpdated(fieldUidWasRemoved, fieldUidWasAdded) {
return resource.data.diff(request.resource.data).affectedKeys().hasOnly([fieldUidWasRemoved, fieldUidWasAdded])
&& itemRemovedFromArray(fieldUidWasRemoved, request.auth.uid)
&& request.resource.data[fieldUidWasAdded].diff(resource.data[fieldUidWasAdded]).affectedKeys().hasOnly([request.auth.uid]);
}
match /conversations/{conversationId}{
allow read: if resource == null || request.auth.uid in resource.data["participants"];
allow update: if (
// direct conversation:
!('group' in resource.data) && itemRemovedFromArray("participants", request.auth.uid)
) || isGroupAdmin(conversationId) && ( // group admin updating the group:
(
request.resource.data.diff(resource.data).affectedKeys().hasOnly(["participants", "group"])
&& request.resource.data["group"].diff(resource.data["group"]).affectedKeys().hasOnly(["joinedAt", "adminUids"])
) || request.resource.data["group"].diff(resource.data["group"]).affectedKeys().hasOnly(["adminUids"])
|| request.resource.data["group"].diff(resource.data["group"]).affectedKeys().hasOnly(["title"])
) || ( // exiting the group:
request.resource.data.diff(resource.data).affectedKeys().hasOnly(["participants", "group"]) &&
itemRemovedFromArray("participants", request.auth.uid) &&
request.resource.data["group"].diff(resource.data["group"]).affectedKeys().hasOnly(["joinedAt", "adminUids"]) &&
request.resource.data["group"]["joinedAt"].diff(resource.data["group"]["joinedAt"]).affectedKeys().hasOnly([request.auth.uid])
);
allow create: if request.auth.uid in request.resource.data["participants"]
&& !('group' in request.resource.data) || request.auth.uid in request.resource.data["group"]["adminUids"];
}
match /conversations/{conversationId}/typing/{userId}{
allow read: if resource == null || request.auth != null;
allow create, update: if request.auth.uid == userId && request.resource.data["uid"] == userId;
allow delete: if request.auth.uid == userId;
}
match /conversations/{conversationId}/messages/{messageId}{
allow read: if resource == null
|| auth.uid == request.resource.data["senderUid"]
|| request.auth.uid in resource.data["participants"]
|| request.auth.uid in resource.data["pendingRead"]
|| request.auth.uid in resource.data["pendingReceivement"];
allow create: if request.auth.uid == request.resource.data["senderUid"];
allow update: if messageUpdated("pendingReceivement","receivedAt")
|| messageUpdated("pendingRead","readAt");
}
match /users/{userId}{
allow read: if request.auth != null;
allow write: if userId == request.auth.uid;
}
match /users/{userId}/fullUser/{_} {
allow read, write: if userId == request.auth.uid;
}
}
}