forked from manifoldmarkets/manifold
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfirestore.rules
53 lines (47 loc) · 2.35 KB
/
firestore.rules
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
rules_version = '2';
// To pick the right project: `firebase projects:list`, then `firebase use <project-name>`
// To deploy: `firebase deploy --only firestore:rules`
service cloud.firestore {
match /databases/{database}/documents {
function isAdmin() {
return request.auth.token.email in [
]
}
match /private-users/{userId} {
allow read: if userId == request.auth.uid || isAdmin();
allow update: if (userId == request.auth.uid || isAdmin())
&& request.resource.data.diff(resource.data).affectedKeys()
.hasOnly(['email', 'apiKey', 'notificationPreferences', 'twitchInfo', 'pushToken', 'rejectedPushNotificationsOn', 'blockedUserIds', 'blockedContractIds', 'blockedGroupSlugs','interestedInPushNotifications', 'hasSeenAppBannerInNotificationsOn', 'installedAppPlatforms','lastPromptedToEnablePushNotifications', 'paymentInfo']);
// Symmetric block rules
allow update: if (request.auth != null || isAdmin())
&& request.resource.data.diff(resource.data).affectedKeys()
.hasOnly(['blockedByUserIds'])
&& request.resource.data.blockedByUserIds.toSet().difference(resource.data.blockedByUserIds.toSet()).hasOnly([request.auth.uid]);
allow delete: if (userId == request.auth.uid || isAdmin());
}
match /contracts/{contractId} {
allow read: if isAdmin()
// allow read if contract is not private
allow read: if resource.data.visibility!='private';
allow update: if request.resource.data.diff(resource.data).affectedKeys()
.hasOnly(['description', 'question', 'coverImageUrl'])
&& resource.data.creatorId == request.auth.uid;
allow update: if isAdmin();
allow delete: if request.resource.data.creatorId == request.auth.uid || isAdmin();
}
match /refresh-all-clients/{id} {
allow read;
}
}
}