-
Notifications
You must be signed in to change notification settings - Fork 2
/
example.rules
71 lines (63 loc) · 2.66 KB
/
example.rules
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
// Top rule
rules_version = '2';
function rootFunction() {
return true;
}
// test
service cloud.firestore {
function serviceFunction() {
return true;
}
// test
match /databases/{database}/documents {
function hasValue(value, uid, carId) {
return get(/databases/$(database)/documents/someData/$(uid)/subCollection/$(carId)).data.someData.hasAll([value])
}
match /someData/{targetUserId} {
allow write: if false;
allow read: if request.auth.uid == targetUserId
match /subCollection/{carId} {
allow read: if hasValue('bla', request.auth.uid, carId);
allow update; // Some comment
allow delete: if false;
// another comment
}
}
match /users/{userId} {
allow write, read: if false;
}
match /cars/{carId} {
match /roles/{roleId} {
allow delete: if get(/databases/$(database)/documents/configurations/someData).data.values.hasAll(request.resource.data.someData)
&& request.resource.data.keys().hasOnly(['name', 'someData'])
&& request.resource.data.size() == 2
&& request.resource.data.name is string
&& request.resource.data.someData is list
&& hasValue('bla', request.auth.uid, carId);
allow read: if hasValue('bla', request.auth.uid, carId);
}
match /oneLevel/{one} {
match /twoLevel/{two} {
match /threeLevel/{three} {
allow write, read: if request.resource.data.asdf is int &&
request.resource.data.asdf == 333;
}
}
}
match /store/current/{doc=**} {
allow read: if request.auth.uid != null;
match /slots/{slotId} {
allow write: if hasValue('writeSLots', request.auth.uid, carId)
&& request.resource.data.keys().hasOnly(['rank', 'name', 'description', 'imageUrl', 'timeSlot'])
&& request.resource.data.rank is int
&& request.resource.data.name is string
&& request.resource.data.description is string
&& request.resource.data.imageUrl is path
&& request.resource.data.timeSlot.from is timestamp
&& request.resource.data.timeSlot.to is timestamp
&& request.resource.data.timeSlot.to > request.resource.data.timeSlot.from;
}
}
}
}
}