natter/security-rules.bolt at master · 1j01/natter · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

isUser(uid) { auth != null && auth.uid == uid }
isEitherUser(uid1, uid2) { auth != null && (auth.uid == uid1 || auth.uid == uid2) }

path /v0/users {
	read() { auth != null }
}

path /v0/users/{uid} is User {
	write() { isUser(uid) }
	validate() { newData.child("uid").val() == uid }
}

path /v0/user-contacts/{uid} is Object {
	read() { isUser(uid) }
	write() { isUser(uid) }
}

path /v0/user-contacts/{uid}/{contact_uid} is UserContact {
	read() { isEitherUser(uid, contact_uid) }
	write() { isUser(uid) }
}

path /v0/user-contacts/{uid}/{contact_uid}/accepted {
	read() { isEitherUser(uid, contact_uid) }
	write() { isUser(contact_uid) || (isUser(uid) && !newData.val()) }
}

path /v0/contact-requests/{contact_uid}/{from_uid} is Boolean {
	read() { isEitherUser(from_uid, contact_uid) }
	write() { (isUser(contact_uid) && newData.val()) || (isEitherUser(from_uid, contact_uid) && !newData.val()) }
}

type UserContact {
	accepted: Boolean
}

type User {
	uid: String
	name: String
	photoURL: String | Null
}