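rules_version = '2';

// Firestore access policy.
//
// Reads of /legislation, /settings and /amendmentRequests are open to anyone;
// reads of /documents go through canReadDocument(). Writes require a signed-in
// caller and, for /settings and /amendmentRequests, a matching entry in the
// ID token's `roles` claim. Role checks go through hasRole() so every caller
// guards `'roles' in request.auth.token` the same way isViewer() does, instead
// of indexing a claim that may be absent from the token.
service cloud.firestore {
  match /databases/{database}/documents {

    // True when the request carries a Firebase ID token with a uid.
    function isSignedIn() {
      return request.auth != null && request.auth.uid != null;
    }

    // True when the caller is signed in, the token carries a `roles` claim and
    // `role` is contained in it. The `in` guard is what the ad-hoc role checks
    // on /settings and /amendmentRequests previously lacked.
    // (`roles` is presumably a custom claim issued server-side — not visible here.)
    function hasRole(role) {
      return isSignedIn() && 'roles' in request.auth.token && role in request.auth.token.roles;
    }

    // Roles permitted to write /settings.
    function canManageSettings() {
      return hasRole('Chairman') || hasRole('Speaker') || hasRole('DeputySpeaker');
    }

    // Roles permitted to update /amendmentRequests (the settings roles plus the
    // judicial committee chairman).
    function canUpdateAmendmentRequests() {
      return canManageSettings() || hasRole('JudicialCommitteeChairman');
    }

    match /legislation/{legislation=**} {
      allow read: if true;
      // Any authenticated user may create, update or delete legislation.
      allow write: if isSignedIn();
    }

    match /documents/{document=**} {

      // A document counts as published unless it carries an explicit
      // `published: false`; a missing field means published.
      function isPublished() {
        return !('published' in resource.data) || resource.data.published != false;
      }

      // The token's email matches the document's authorEmail.
      // NOTE(review): `request.auth.token.email_verified` is not consulted, so
      // the comparison also succeeds for an unverified address if a sign-in
      // method that issues those is enabled — confirm against the project's
      // auth configuration.
      function isAuthor() {
        return 'authorEmail' in resource.data && 'email' in request.auth.token && resource.data.authorEmail == request.auth.token.email;
      }

      // The document has no usable author: the field is absent, null, or the
      // 'legacy' placeholder.
      function hasNoAuthor() {
        return !('authorEmail' in resource.data) || resource.data.authorEmail == null || resource.data.authorEmail == 'legacy';
      }

      // confidentiality is exactly 'Public'.
      // NOTE(review): unlike the other helpers this has no
      // `'confidentiality' in resource.data` guard, so a document without the
      // field raises an evaluation error here instead of yielding false.
      // Left unchanged on purpose: adding the guard would change which
      // documents the third clause of canReadDocument() admits — confirm the
      // intended default for documents with no confidentiality before changing.
      function isPublic() {
        return resource.data.confidentiality == 'Public';
      }

      // declassifyAt is set and has already passed (compared against server time).
      function isDeclassified() {
        return 'declassifyAt' in resource.data && resource.data.declassifyAt != null && request.time >= resource.data.declassifyAt;
      }

      // At least one of the caller's roles appears in the document's `viewers`.
      function isViewer() {
        return 'viewers' in resource.data && 'roles' in request.auth.token && resource.data.viewers.hasAny(request.auth.token.roles);
      }

      // Read access is granted by any one of:
      //  1. a signed-in caller who is the author, or any signed-in caller when
      //     the document has no usable author (regardless of published/confidentiality);
      //  2. anyone, for a published document whose confidentiality is 'Public';
      //  3. a signed-in caller, for a published non-Public document that is
      //     declassified or lists one of the caller's roles in `viewers`.
      // Unpublished documents are therefore readable only through clause 1.
      function canReadDocument() {
        return (isSignedIn() && (isAuthor() || hasNoAuthor())) ||
               (isPublished() && isPublic()) ||
               (isPublished() && (!isPublic()) && isSignedIn() && (isDeclassified() || isViewer()));
      }

      allow read: if canReadDocument();

      // NOTE(review): any signed-in user may create, update or delete any
      // document here, including the fields the read helpers rely on
      // (authorEmail, confidentiality, published, declassifyAt, viewers), so
      // the read restrictions above only bind unauthenticated clients.
      // Restricting update/delete (e.g. to isAuthor() || hasNoAuthor()) is an
      // application decision — confirm how the client edits documents before
      // tightening.
      allow write: if isSignedIn();
    }

    match /settings/{setting=**} {
      allow read: if true;
      allow write: if canManageSettings();
    }

    match /amendmentRequests/{requestId=**} {
      allow read: if true;
      allow update: if canUpdateAmendmentRequests();
      // Clients can neither create nor delete amendment requests; these rules
      // do not apply to the Admin SDK, which is presumably how they are
      // created — confirm.
      allow create, delete: if false;
    }
  }
}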