-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathfirestore.rules
More file actions
31 lines (26 loc) · 967 Bytes
/
firestore.rules
File metadata and controls
31 lines (26 loc) · 967 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
// Users: any signed-in user can read; only owner can write
match /users/{uid} {
allow read: if request.auth != null;
allow write: if request.auth != null && request.auth.uid == uid;
}
// Posts: any signed-in user can read and write
match /posts/{postId} {
allow read, write: if request.auth != null;
}
// Organizations: any signed-in user can read; all writes go through API route
match /organizations/{orgId} {
allow read: if request.auth != null;
allow write: if false;
}
// Invitations: doc ID is an unguessable UUID code, so reads are open.
// Writes are admin-only (via API route).
match /invitations/{code} {
allow read: if true;
allow write: if request.auth != null &&
get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role == "admin";
}
}
}