-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathfirebase.rules
More file actions
76 lines (68 loc) · 2.6 KB
/
firebase.rules
File metadata and controls
76 lines (68 loc) · 2.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
// Helper functions
function isSignedIn() {
return request.auth != null;
}
function hasValidTimestamps() {
let hasCreatedAt = request.resource.data.createdAt is timestamp;
let hasUpdatedAt = request.resource.data.updatedAt is timestamp;
return hasCreatedAt && hasUpdatedAt;
}
function isValidFeedingRound() {
let data = request.resource.data;
return data.allocatedAmount is number
&& data.allocatedAmount > 0
&& data.unitPrice is number
&& data.unitPrice > 0
&& data.categoryId is string
&& data.date is string
&& (data.status == 'PENDING' || data.status == 'IN_PROGRESS' || data.status == 'COMPLETED' || data.status == 'CANCELLED')
&& (!data.keys().hasAny(['photos']) || data.photos is list);
}
function isValidTreasuryCategory() {
let data = request.resource.data;
return data.name is string
&& data.name.size() > 0
&& data.balance is number
&& data.balance >= 0;
}
function isValidTransaction() {
let data = request.resource.data;
return data.type in ['DEBIT', 'CREDIT', 'STATUS_UPDATE']
&& data.amount is number
&& data.amount > 0
&& data.description is string
&& data.category is string
&& data.reference is string
&& data.status in ['PENDING', 'COMPLETED', 'CANCELLED'];
}
// Common rules - all operations require authentication
match /{document=**} {
allow read: if isSignedIn();
allow write: if isSignedIn();
}
// Feeding rounds collection
match /feedingRounds/{roundId} {
allow read: if isSignedIn();
allow create: if isSignedIn() && isValidFeedingRound() && hasValidTimestamps();
allow update: if isSignedIn() && isValidFeedingRound() && hasValidTimestamps();
allow delete: if isSignedIn();
}
// Treasury collection
match /treasury/{categoryId} {
allow read: if isSignedIn();
allow create: if isSignedIn() && isValidTreasuryCategory() && hasValidTimestamps();
allow update: if isSignedIn() && isValidTreasuryCategory() && hasValidTimestamps();
allow delete: if isSignedIn();
}
// Transactions collection
match /transactions/{transactionId} {
allow read: if isSignedIn();
allow create: if isSignedIn() && isValidTransaction() && hasValidTimestamps();
allow update: if false; // Transactions should never be updated
allow delete: if false; // Transactions should never be deleted
}
}
}