Skip to content

Commit 3c9f4d1

Browse files
ShishKababShishKabab
committed
Update memex-common and Firestore rules
1 parent a85e793 commit 3c9f4d1

File tree

3 files changed

+133
-3
lines changed

3 files changed

+133
-3
lines changed

firebase/firestore.rules

Lines changed: 130 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -87,6 +87,72 @@ service cloud.firestore {
8787
request.auth.uid == resource.data.user
8888
;
8989
}
90+
match /personalAnalyticEvent/{user} {
91+
match /objects/{personalAnalyticEvent} {
92+
allow create: if
93+
// Type checks
94+
request.resource.data.createdWhen is timestamp &&
95+
request.resource.data.type is string &&
96+
(!('str1' in request.resource.data.keys()) || request.resource.data.str1 == null || request.resource.data.str1 is string) &&
97+
(!('str2' in request.resource.data.keys()) || request.resource.data.str2 == null || request.resource.data.str2 is string) &&
98+
(!('str3' in request.resource.data.keys()) || request.resource.data.str3 == null || request.resource.data.str3 is string) &&
99+
(!('float1' in request.resource.data.keys()) || request.resource.data.float1 == null || request.resource.data.float1 is float) &&
100+
(!('float2' in request.resource.data.keys()) || request.resource.data.float2 == null || request.resource.data.float2 is float) &&
101+
(!('float3' in request.resource.data.keys()) || request.resource.data.float3 == null || request.resource.data.float3 is float) &&
102+
(!('time1' in request.resource.data.keys()) || request.resource.data.time1 == null || request.resource.data.time1 is timestamp) &&
103+
(!('time2' in request.resource.data.keys()) || request.resource.data.time2 == null || request.resource.data.time2 is timestamp) &&
104+
(!('time3' in request.resource.data.keys()) || request.resource.data.time3 == null || request.resource.data.time3 is timestamp) &&
105+
106+
107+
// Ownership rules
108+
request.auth.uid == user
109+
;
110+
allow update: if
111+
// Type checks
112+
(!('createdWhen' in request.resource.data.keys()) || request.resource.data.createdWhen is timestamp) &&
113+
(!('type' in request.resource.data.keys()) || request.resource.data.type is string) &&
114+
(!('str1' in request.resource.data.keys()) || request.resource.data.str1 == null || request.resource.data.str1 is string) &&
115+
(!('str2' in request.resource.data.keys()) || request.resource.data.str2 == null || request.resource.data.str2 is string) &&
116+
(!('str3' in request.resource.data.keys()) || request.resource.data.str3 == null || request.resource.data.str3 is string) &&
117+
(!('float1' in request.resource.data.keys()) || request.resource.data.float1 == null || request.resource.data.float1 is float) &&
118+
(!('float2' in request.resource.data.keys()) || request.resource.data.float2 == null || request.resource.data.float2 is float) &&
119+
(!('float3' in request.resource.data.keys()) || request.resource.data.float3 == null || request.resource.data.float3 is float) &&
120+
(!('time1' in request.resource.data.keys()) || request.resource.data.time1 == null || request.resource.data.time1 is timestamp) &&
121+
(!('time2' in request.resource.data.keys()) || request.resource.data.time2 == null || request.resource.data.time2 is timestamp) &&
122+
(!('time3' in request.resource.data.keys()) || request.resource.data.time3 == null || request.resource.data.time3 is timestamp) &&
123+
124+
125+
// Ownership rules
126+
request.auth.uid == user
127+
;
128+
}
129+
}
130+
match /personalAnalyticStats/{user} {
131+
allow get: if
132+
// Ownership rules
133+
request.auth.uid == user
134+
;
135+
allow create: if
136+
// Type checks
137+
request.resource.data.installedWhen is timestamp &&
138+
request.resource.data.registeredWhen is timestamp &&
139+
(!('uninstalledWhen' in request.resource.data.keys()) || request.resource.data.uninstalledWhen == null || request.resource.data.uninstalledWhen is timestamp) &&
140+
141+
142+
// Ownership rules
143+
request.auth.uid == user
144+
;
145+
allow update: if
146+
// Type checks
147+
(!('installedWhen' in request.resource.data.keys()) || request.resource.data.installedWhen is timestamp) &&
148+
(!('registeredWhen' in request.resource.data.keys()) || request.resource.data.registeredWhen is timestamp) &&
149+
(!('uninstalledWhen' in request.resource.data.keys()) || request.resource.data.uninstalledWhen == null || request.resource.data.uninstalledWhen is timestamp) &&
150+
151+
152+
// Ownership rules
153+
request.auth.uid == user
154+
;
155+
}
90156
match /sharedList/{sharedList} {
91157
allow get: if
92158
// Permission rules
@@ -147,6 +213,64 @@ service cloud.firestore {
147213
;
148214
}
149215
}
216+
match /sharedContentFingerprint/{sharedContentFingerprint} {
217+
allow get: if
218+
// Permission rules
219+
true
220+
;
221+
allow create: if
222+
// Type checks
223+
request.resource.data.normalizedUrl is string &&
224+
request.resource.data.fingerprintScheme is string &&
225+
request.resource.data.fingerprint is string &&
226+
227+
228+
// Permission rules
229+
(request.auth.uid == request.resource.data.creator && ((get(/databases/$(database)/documents/sharedList/$(request.resource.data.sharedList)).data.creator == request.resource.data.creator) || (exists(/databases/$(database)/documents/sharedListRole/$(request.resource.data.sharedList)/users/$(request.auth.uid)) && (get(/databases/$(database)/documents/sharedListRole/$(request.resource.data.sharedList)/users/$(request.auth.uid)).data.roleID >= 400))))
230+
;
231+
allow update: if
232+
// Type checks
233+
(!('normalizedUrl' in request.resource.data.keys()) || request.resource.data.normalizedUrl is string) &&
234+
(!('fingerprintScheme' in request.resource.data.keys()) || request.resource.data.fingerprintScheme is string) &&
235+
(!('fingerprint' in request.resource.data.keys()) || request.resource.data.fingerprint is string) &&
236+
237+
238+
// Permission rules
239+
(request.auth.uid == resource.data.creator && ((!('creator' in request.resource.data.keys())) || request.auth.uid == request.resource.data.creator) && ((get(/databases/$(database)/documents/sharedList/$(request.resource.data.sharedList)).data.creator == request.resource.data.creator) || (exists(/databases/$(database)/documents/sharedListRole/$(request.resource.data.sharedList)/users/$(request.auth.uid)) && (get(/databases/$(database)/documents/sharedListRole/$(request.resource.data.sharedList)/users/$(request.auth.uid)).data.roleID >= 400))))
240+
;
241+
allow delete: if
242+
// Permission rules
243+
(request.auth.uid == resource.data.creator && ((get(/databases/$(database)/documents/sharedList/$(resource.data.sharedList)).data.creator == resource.data.creator) || (exists(/databases/$(database)/documents/sharedListRole/$(resource.data.sharedList)/users/$(request.auth.uid)) && (get(/databases/$(database)/documents/sharedListRole/$(resource.data.sharedList)/users/$(request.auth.uid)).data.roleID >= 400))))
244+
;
245+
}
246+
match /sharedContentLocator/{sharedContentLocator} {
247+
allow get: if
248+
// Permission rules
249+
true
250+
;
251+
allow create: if
252+
// Type checks
253+
request.resource.data.normalizedUrl is string &&
254+
request.resource.data.originalUrl is string &&
255+
256+
257+
// Permission rules
258+
(request.auth.uid == request.resource.data.creator && ((get(/databases/$(database)/documents/sharedList/$(request.resource.data.sharedList)).data.creator == request.resource.data.creator) || (exists(/databases/$(database)/documents/sharedListRole/$(request.resource.data.sharedList)/users/$(request.auth.uid)) && (get(/databases/$(database)/documents/sharedListRole/$(request.resource.data.sharedList)/users/$(request.auth.uid)).data.roleID >= 400))))
259+
;
260+
allow update: if
261+
// Type checks
262+
(!('normalizedUrl' in request.resource.data.keys()) || request.resource.data.normalizedUrl is string) &&
263+
(!('originalUrl' in request.resource.data.keys()) || request.resource.data.originalUrl is string) &&
264+
265+
266+
// Permission rules
267+
(request.auth.uid == resource.data.creator && ((!('creator' in request.resource.data.keys())) || request.auth.uid == request.resource.data.creator) && ((get(/databases/$(database)/documents/sharedList/$(request.resource.data.sharedList)).data.creator == request.resource.data.creator) || (exists(/databases/$(database)/documents/sharedListRole/$(request.resource.data.sharedList)/users/$(request.auth.uid)) && (get(/databases/$(database)/documents/sharedListRole/$(request.resource.data.sharedList)/users/$(request.auth.uid)).data.roleID >= 400))))
268+
;
269+
allow delete: if
270+
// Permission rules
271+
(request.auth.uid == resource.data.creator && ((get(/databases/$(database)/documents/sharedList/$(resource.data.sharedList)).data.creator == resource.data.creator) || (exists(/databases/$(database)/documents/sharedListRole/$(resource.data.sharedList)/users/$(request.auth.uid)) && (get(/databases/$(database)/documents/sharedListRole/$(resource.data.sharedList)/users/$(request.auth.uid)).data.roleID >= 400))))
272+
;
273+
}
150274
match /sharedListEntry/{sharedListEntry} {
151275
allow get: if
152276
// Permission rules
@@ -980,6 +1104,8 @@ service cloud.firestore {
9801104
request.resource.data.primary is bool &&
9811105
request.resource.data.valid is bool &&
9821106
request.resource.data.version is timestamp &&
1107+
(!('localId' in request.resource.data.keys()) || request.resource.data.localId == null || request.resource.data.localId is string) &&
1108+
(!('fingerprintScheme' in request.resource.data.keys()) || request.resource.data.fingerprintScheme == null || request.resource.data.fingerprintScheme is string) &&
9831109
(!('fingerprint' in request.resource.data.keys()) || request.resource.data.fingerprint == null || request.resource.data.fingerprint is string) &&
9841110
(!('lastVisited' in request.resource.data.keys()) || request.resource.data.lastVisited == null || request.resource.data.lastVisited is timestamp) &&
9851111
(!('contentSize' in request.resource.data.keys()) || request.resource.data.contentSize == null || request.resource.data.contentSize is number) &&
@@ -1000,6 +1126,8 @@ service cloud.firestore {
10001126
(!('primary' in request.resource.data.keys()) || request.resource.data.primary is bool) &&
10011127
(!('valid' in request.resource.data.keys()) || request.resource.data.valid is bool) &&
10021128
(!('version' in request.resource.data.keys()) || request.resource.data.version is timestamp) &&
1129+
(!('localId' in request.resource.data.keys()) || request.resource.data.localId == null || request.resource.data.localId is string) &&
1130+
(!('fingerprintScheme' in request.resource.data.keys()) || request.resource.data.fingerprintScheme == null || request.resource.data.fingerprintScheme is string) &&
10031131
(!('fingerprint' in request.resource.data.keys()) || request.resource.data.fingerprint == null || request.resource.data.fingerprint is string) &&
10041132
(!('lastVisited' in request.resource.data.keys()) || request.resource.data.lastVisited == null || request.resource.data.lastVisited is timestamp) &&
10051133
(!('contentSize' in request.resource.data.keys()) || request.resource.data.contentSize == null || request.resource.data.contentSize is number) &&
@@ -1176,8 +1304,8 @@ service cloud.firestore {
11761304
;
11771305
}
11781306
}
1179-
match /personalMemexExtensionSetting/{user} {
1180-
match /objects/{personalMemexExtensionSetting} {
1307+
match /personalMemexSetting/{user} {
1308+
match /objects/{personalMemexSetting} {
11811309
allow list: if
11821310
// Ownership rules
11831311
request.auth.uid == user

firebase/functions/external/@worldbrain/memex-common

tools/common.ts

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@ import ContentSharingStorage from '@worldbrain/memex-common/lib/content-sharing/
88
import ContentConversationStorage from '@worldbrain/memex-common/lib/content-conversations/storage'
99
import UserManagementStorage from '@worldbrain/memex-common/lib/user-management/storage'
1010
import PersonalCloudStorage from '@worldbrain/memex-common/lib/personal-cloud/storage'
11+
import PersonalAnalyticsStorage from '@worldbrain/memex-common/lib/analytics/storage'
1112
import { registerModuleMapCollections } from '@worldbrain/storex-pattern-modules'
1213

1314
export async function createStorage() {
@@ -21,6 +22,7 @@ export async function createStorage() {
2122
sharedSyncLog: new SharedSyncLogStorage({ storageManager: serverStorageManager, autoPkType: 'string' }),
2223
activityStream: new ActivityStreamStorage({ storageManager: serverStorageManager }),
2324
activityFollows: new ActivityFollowsStorage({ storageManager: serverStorageManager }),
25+
analytics: new PersonalAnalyticsStorage({ storageManager: serverStorageManager }),
2426
contentSharing: contentSharing,
2527
contentConversations: new ContentConversationStorage({
2628
contentSharing,

0 commit comments

Comments
 (0)