electriumap/firestore.rules at dev · Electrium-Mobility/electriumap · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
rules_version = '2';

service cloud.firestore {
  match /databases/{database}/documents {
    // Outlets collection - public read, authenticated write with validation
    match /Outlets/{outletId} {
      // Allow public read access to all outlets
      allow read: if true;

      // Allow authenticated users to create outlets with proper validation
      allow create: if request.auth != null
        && request.resource.data != null
        && request.auth.uid == request.resource.data.userid
        && validateOutletData(request.resource.data);

      // Allow authenticated users to update their own outlets
      allow update: if request.auth != null
        && request.auth.uid == resource.data.userid
        && validateOutletData(request.resource.data);

      // Allow authenticated users to delete their own outlets
      allow delete: if request.auth != null
        && request.auth.uid == resource.data.userid;
    }

    // Users collection - users can only access their own data
    match /Users/{userId} {
      // Users can read and write their own user document
      allow read, write: if request.auth != null && request.auth.uid == userId;

      // User's outlets subcollection
      match /Outlets/{outletId} {
        // Users can read and write their own outlet references
        allow read, write: if request.auth != null && request.auth.uid == userId;
      }

      // User's vehicles subcollection
      match /Vehicles/{vehicleId} {
        // Users can read and write their own vehicle data
        allow read, write: if request.auth != null && request.auth.uid == userId;
      }
    }
  }

  // Helper function to validate outlet data
  function validateOutletData(data) {
    return data.keys().hasAll(['latitude', 'longitude', 'userName', 'userid', 'locationName', 'chargerType', 'description'])
      && data.latitude is number
      && data.longitude is number
      && data.latitude >= -90 && data.latitude <= 90
      && data.longitude >= -180 && data.longitude <= 180
      && data.userName is string
      && data.userid is string
      && data.locationName is string
      && data.chargerType is string
      && data.description is string
      && data.userName.size() >= 2
      && data.userid.size() >= 3
      && data.locationName.size() >= 5
      && data.chargerType.size() >= 2
      && data.description.size() >= 1;
  }
}