firestore.rules
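rules_version = '2';

// Firestore security rules for rooms, members, challenges, workproofs and related collections.
//
// Evaluation model to keep in mind when reading this file: a request is granted if ANY
// matching `allow` expression evaluates to true. An `allow ...: if false` never overrides a
// grant made by another matching block; it only states that this block grants nothing.
// An expression that raises an evaluation error (e.g. a field access on null) does not grant.
service cloud.firestore {
  match /databases/{database}/documents {

    // True when the caller has a member document in the given room.
    function isMember(roomId) {
      return isAuthenticated() && exists(/databases/$(database)/documents/rooms/$(roomId)/members/$(request.auth.uid));
    }

    // True when the caller's member document in the room lists 'admin' in `roles`.
    // If the member document or its `roles` field is missing, evaluation fails and nothing is granted.
    function isAdmin(roomId) {
      return isAuthenticated() && 'admin' in get(/databases/$(database)/documents/rooms/$(roomId)/members/$(request.auth.uid)).data.roles;
    }

    // True when the caller's member document in the room lists 'verifier' in `roles`.
    function isVerifier(roomId) {
      return isAuthenticated() && 'verifier' in get(/databases/$(database)/documents/rooms/$(roomId)/members/$(request.auth.uid)).data.roles;
    }

    // True when the request carries a Firebase Auth token.
    // `request.auth` itself is null for unauthenticated requests, so it is tested directly
    // instead of relying on the evaluation error that `request.auth.uid` raises on null.
    function isAuthenticated() {
      return request.auth != null;
    }

    // Returns the data map of the referenced challenge document.
    function getChallenge(challengeId) {
      return get(/databases/$(database)/documents/challenges/$(challengeId)).data;
    }

    // NOTE(review): `write` covers create, update and delete, and nothing ties an entry to
    // the caller, so any signed-in user may overwrite or delete any feed entry. If entries
    // are meant to be author-owned or append-only, split this into create/update/delete
    // with an ownership check.
    match /feed/{entryId} {
      allow write: if isAuthenticated();
    }

    // Any signed-in user may create a room; only a room admin may update it.
    // No delete is granted to clients.
    match /rooms/{roomId} {
      allow create: if isAuthenticated();
      // On update the document id equals the {roomId} path segment.
      allow update: if isAdmin(roomId);
    }

    // A user may write only their own profile document.
    match /users/{account} {
      allow write: if isAuthenticated() && request.auth.uid == account;
    }

    // NOTE(review): privilege-escalation risk. This rule lets any signed-in user write their
    // own member document in ANY room with arbitrary content, including `roles`. isMember(),
    // isAdmin() and isVerifier() trust that document, so as written a caller can make
    // themselves a member, admin or verifier of a room without anyone's approval.
    // Role assignment should be limited to an existing admin or to trusted backend code
    // (the Admin SDK bypasses these rules), and self-writes limited to non-privileged
    // fields. The rule is left unchanged here because the intended join / room-bootstrap
    // flow is not visible in this file.
    match /rooms/{roomId}/members/{account} {
      allow write: if isAuthenticated() && request.auth.uid == account;
    }

    // Challenges are created and updated by admins of the room they belong to.
    // NOTE(review): update checks only the stored roomId; the new document's roomId is not
    // constrained, so an admin can re-point a challenge at another room. Confirm whether
    // `request.resource.data.roomId == resource.data.roomId` should be required.
    match /challenges/{challengeId} {
      allow create: if isAdmin(request.resource.data.roomId);
      allow update: if isAdmin(resource.data.roomId);
    }

    // Same admin-only create/update policy as /challenges (same roomId caveat applies).
    match /challengesets/{challengesetId} {
      allow create: if isAdmin(request.resource.data.roomId);
      allow update: if isAdmin(resource.data.roomId);
    }

    match /workproofs/{workproofId} {
      // Create: caller is a room member, is the declared author, and `weight` is an int.
      // A non-null challengeId must reference a challenge that is not closed and whose
      // weight equals the submitted weight; `challengeId` may instead be an explicit null.
      // NOTE(review): the challenge's roomId is never compared with the workproof's roomId,
      // and an unlinked workproof accepts any int weight (no bounds). Confirm both are intended.
      allow create: if
        isMember(request.resource.data.roomId)
        // is author
        && request.resource.data.author == request.auth.uid
        // is integer
        && request.resource.data.weight is int
        && ((
            // is linked to challenge
            request.resource.data.challengeId != null
            && getChallenge(request.resource.data.challengeId).get("status", "open") != "closed"
            && request.resource.data.weight == getChallenge(request.resource.data.challengeId).weight
          ) ||
          // is not linked to challenge
          request.resource.data.challengeId == null
        );

      // Update, first branch: an admin or verifier of the room who is not the author may
      // change exactly `verifiers` and `verifications`; the caller is either the sole entry
      // of the new `verifiers` list or the only uid added to it, and the keys of
      // `verifications` must equal the set of `verifiers`.
      // NOTE(review): the `verifiers == [request.auth.uid]` alternative also matches when the
      // stored list already holds other verifiers, i.e. it permits replacing the list.
      // Confirm that is intended. The content of each `verifications` value is not validated.
      // Update, second branch: the author may change exactly `description`.
      allow update: if (
          (isAdmin(resource.data.roomId) || isVerifier(resource.data.roomId))
          && resource.data.author != request.auth.uid
          && request.resource.data.diff(resource.data).affectedKeys() == ['verifiers', 'verifications'].toSet()
          && (
            request.resource.data.verifiers == [request.auth.uid] ||
            request.resource.data.verifiers.toSet().difference(resource.data.verifiers.toSet()) == [request.auth.uid].toSet()
          )
          && request.resource.data.verifications.keys().toSet() == request.resource.data.verifiers.toSet()
        ) || (
          resource.data.author == request.auth.uid
          && request.resource.data.diff(resource.data).affectedKeys() == ['description'].toSet()
        );
    }

    // Invites are created by room admins and are not readable by clients. The read denial
    // is effective only because the default block at the bottom excludes this collection.
    match /invites/{inviteId} {
      allow read: if false;
      allow create: if isAdmin(request.resource.data.roomId);
    }

    // Gates are publicly readable; room admins create and delete them.
    match /gates/{gateId} {
      allow create: if isAdmin(request.resource.data.roomId);
      allow delete: if isAdmin(resource.data.roomId);
      allow read: if true;
    }

    // Rewards are created and deleted by room admins.
    match /rewards/{rewardId} {
      allow create: if isAdmin(request.resource.data.roomId);
      allow delete: if isAdmin(resource.data.roomId);
    }

    // Write-only log sink: clients may create entries but never read them. As with
    // /invites, the read denial depends on the default block excluding this collection.
    // NOTE(review): create is open to unauthenticated callers with no validation of the
    // document's fields or size. Consider requiring authentication or App Check and
    // validating the shape of `request.resource.data` to limit abuse and storage cost.
    match /logs/{logId} {
      allow create: if true;
      allow read: if false;
    }

    // Default for every path: no client writes, public read, except `invites` and `logs`.
    // The previous form, `match /{document=**}` with `allow read: if true`, also matched
    // those two collections; because grants are OR-ed, it made their `allow read: if false`
    // ineffective and left both world-readable. Binding the top-level collection name lets
    // the default skip them.
    // NOTE(review): /users, /rooms/*/members, /workproofs and every other collection remain
    // readable by unauthenticated callers. Confirm that is intended.
    match /{topCollection}/{document=**} {
      allow write: if false;
      allow read: if topCollection != 'invites' && topCollection != 'logs';
    }
  }
}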