From 23a16b01d565e6c1df3807aed1a1ee8c73c0f8fa Mon Sep 17 00:00:00 2001
From: Amisha <amisha.i@canopas.com>
Date: Tue, 7 Jan 2025 12:11:58 +0530
Subject: [PATCH] Update security rule

---
 firestore.rules | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/firestore.rules b/firestore.rules
index ea8cebdd3..877dce84c 100644
--- a/firestore.rules
+++ b/firestore.rules
@@ -48,14 +48,15 @@ service cloud.firestore {
                      resource.data.members.hasAny([request.auth.uid]);
       
       allow create: if isAuthorized() &&
-      				   isCurrentUser(request.resource.data.created_by);
+      				      isCurrentUser(request.resource.data.created_by);
       
       allow update: if isAuthorized() &&
-      				   (resource.data.members.hasAny([request.auth.uid]) ||
-                       (!resource.data.members.hasAny([request.auth.uid]) &&
-                            request.resource.data.diff(resource.data).affectedKeys().hasOnly(["members"])
-                       )
-                    );
+                    (resource.data.members.hasAny([request.auth.uid]) ||
+                      (!resource.data.members.hasAny([request.auth.uid]) && 
+                        request.resource.data.diff(resource.data).affectedKeys().hasOnly(["members"])
+                      )
+                    )
+                    || request.resource.data.keys().hasAny(["updated_at", "updated_by"]);
       
       allow delete: if isAuthorized() &&
    		resource.data.members.hasAny([request.auth.uid]);