-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathfirestore.rules
More file actions
71 lines (61 loc) · 3.03 KB
/
firestore.rules
File metadata and controls
71 lines (61 loc) · 3.03 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
// Allow authenticated users to read/write their own diagnoses
match /diagnoses/{diagnosisId} {
allow read, write: if request.auth != null && request.auth.uid == resource.data.userId;
allow create: if request.auth != null && request.auth.uid == request.resource.data.userId;
}
// Allow all users to submit feedback (including anonymous)
match /feedback/{feedbackId} {
allow create: if true;
allow read: if request.auth != null &&
(request.auth.token.admin == true || request.auth.uid == resource.data.userId);
allow list: if request.auth != null && request.auth.token.admin == true;
}
// Admin-only access for user management and analytics
match /users/{userId} {
allow read, write: if request.auth != null &&
(request.auth.uid == userId || request.auth.token.admin == true);
}
// Analytics data - user can read their own, admin can read all
match /analytics/{document=**} {
allow read, write: if request.auth != null && request.auth.uid == resource.data.userId;
allow read, list: if request.auth != null && request.auth.token.admin == true;
}
// Community posts - allow public read, authenticated write
match /community_posts/{postId} {
allow read, list: if true; // Allow public read and list access
allow create: if request.auth != null;
allow update, delete: if request.auth != null &&
(request.auth.uid == resource.data.authorId || request.auth.token.admin == true);
}
// Community comments - allow public read, authenticated write
match /community_comments/{commentId} {
allow read: if true; // Allow public read access
allow create: if request.auth != null && request.auth.uid == request.resource.data.authorId;
allow update: if request.auth != null &&
(request.auth.uid == resource.data.authorId || request.auth.token.admin == true);
allow delete: if request.auth != null && request.auth.token.admin == true;
}
// Local alerts - allow reading for all authenticated users, writing for authenticated users
match /local_alerts/{alertId} {
allow read: if request.auth != null;
allow create: if request.auth != null && request.auth.uid == request.resource.data.authorId;
allow update: if request.auth != null &&
(request.auth.uid == resource.data.authorId || request.auth.token.admin == true);
allow delete: if request.auth != null && request.auth.token.admin == true;
}
// Legacy community posts collection (for backward compatibility)
match /posts/{postId} {
allow read: if true;
allow create: if request.auth != null;
allow update, delete: if request.auth != null &&
(request.auth.uid == resource.data.authorId || request.auth.token.admin == true);
}
// Default deny rule for all other documents
match /{document=**} {
allow read, write: if false;
}
}
}