-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathfirestore.rules
More file actions
196 lines (166 loc) · 7.15 KB
/
firestore.rules
File metadata and controls
196 lines (166 loc) · 7.15 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
rules_version = '2';
// Updated: 2025-08-03 - Added standalone weekly assessments support
service cloud.firestore {
match /databases/{database}/documents {
// Helper function to check if user is admin
function isAdmin() {
return request.auth != null &&
request.auth.token.email in [
'doyextech@gmail.com',
'ibrahimadekunle3030@gmail.com',
'adekunleibrahim6060@gmail.com',
'suleimanjemilat2009@gmail.com',
'raregem015@gmail.com'
];
}
// Helper function to check if user is authenticated
function isAuthenticated() {
return request.auth != null;
}
// Helper function to check if user owns the resource
function isOwner(userId) {
return request.auth != null && request.auth.uid == userId;
}
// User profiles - users can read/write their own profile, admins can read all
match /users/{userId} {
allow read: if isOwner(userId) || isAdmin();
allow create, update: if isOwner(userId) || isAuthenticated();
allow delete: if isAdmin();
}
// User access control - allow authenticated writes for payment
match /userAccess/{accessId} {
allow read: if isOwner(accessId) || isAdmin();
allow write: if isAdmin() || isAuthenticated() || request.auth == null; // Allow server-side payment processing
}
// Exam attempts - users can manage their own attempts, admins can read all
match /examAttempts/{attemptId} {
allow read: if isAuthenticated() || isAdmin();
allow create, update: if isAuthenticated();
allow delete: if isAdmin();
}
// Questions - authenticated users can read, only admins can write
match /questions/{questionId} {
allow read: if isAuthenticated();
allow write: if isAdmin();
}
// Exam results - users can manage their own results, admins can read all
match /examResults/{resultId} {
allow read: if isAuthenticated() || isAdmin();
allow create, update: if isAuthenticated();
allow delete: if isAdmin();
}
// Feedback - authenticated users can create, admins can read all
match /feedback/{feedbackId} {
allow read: if isAdmin();
allow create: if isAuthenticated();
allow update, delete: if isAdmin();
}
// Access codes - only admins can manage
match /accessCodes/{codeId} {
allow read, write: if isAdmin();
}
// Payment sessions - users can manage their own, admins can read all
match /paymentSessions/{sessionId} {
allow read: if isAuthenticated() || isAdmin();
allow create, update: if isAuthenticated();
allow delete: if isAdmin();
}
// University data - read access for authenticated users, write for admins
match /universities/{universityId} {
allow read: if isAuthenticated();
allow write: if isAdmin();
}
// Leaderboard data - read access for authenticated users
match /leaderboard/{entryId} {
allow read: if isAuthenticated();
allow write: if isAdmin();
}
// Exam schedules - only admins can manage, authenticated users can read
match /examSchedules/{scheduleId} {
allow read: if isAuthenticated();
allow write: if isAdmin();
}
// Weekly assessments - only admins can manage, authenticated users can read
match /weeklyAssessments/{assessmentId} {
allow read: if isAuthenticated();
allow write: if isAdmin();
}
// Weekly assessment attempts - users can manage their own attempts, admins can read all
match /weeklyAssessmentAttempts/{attemptId} {
allow read: if isAuthenticated() || isAdmin();
allow create, update: if isAuthenticated();
allow delete: if isAdmin();
}
// Standalone weekly assessments - only admins can manage, authenticated users can read
match /standaloneWeeklyAssessments/{assessmentId} {
allow read: if isAuthenticated();
allow write: if isAdmin();
}
// Standalone weekly assessment attempts - users can manage their own attempts, admins can read all
match /standaloneAssessmentAttempts/{attemptId} {
allow read: if isAuthenticated() || isAdmin();
allow create, update: if isAuthenticated();
allow delete: if isAdmin();
}
// RM User Access - allow server-side operations for payment processing
match /rmUserAccess/{userId} {
allow read: if isOwner(userId) || isAdmin() || request.auth == null; // Allow server-side reads too
allow write: if isAdmin() || isAuthenticated() || request.auth == null; // Allow server-side operations
}
// Transactions - allow authenticated users to read their own, create during payment
match /transactions/{transactionId} {
allow read: if isAuthenticated() || isAdmin();
allow create, update: if isAuthenticated() || request.auth == null; // Allow server-side payment processing
allow delete: if isAdmin();
}
// RM Exam Attempts - users can manage their own attempts, admins can read all, allow server-side operations
match /rmExamAttempts/{attemptId} {
allow read: if isAuthenticated() || isAdmin() || request.auth == null; // Allow server-side reads
allow create, update: if isAuthenticated() || request.auth == null; // Allow server-side writes
allow delete: if isAdmin();
}
// RM Questions - authenticated users can read, only admins can write
match /rmQuestions/{questionId} {
allow read: if isAuthenticated();
allow write: if isAdmin();
}
// Payments - users can read their own payments, admins can read all
match /payments/{paymentId} {
allow read: if isAuthenticated() || isAdmin();
allow create, update: if isAuthenticated();
allow delete: if isAdmin();
}
// User Activity - users can read their own activity, admins can read all
match /userActivity/{activityId} {
allow read: if isAuthenticated() || isAdmin();
allow create, update: if isAuthenticated();
allow delete: if isAdmin();
}
// Study Groups - authenticated users can read and create, members can update
match /studyGroups/{groupId} {
allow read: if isAuthenticated();
allow create: if isAuthenticated();
allow update, delete: if isAuthenticated() || isAdmin();
}
// RM Question Banks - authenticated users can read, admins and system can write
match /rmQuestionBanks/{bankId} {
allow read: if isAuthenticated();
allow write: if isAdmin() || isAuthenticated();
}
// Standalone RM Exams - authenticated users can read, only admins can write
match /standaloneRMExams/{examId} {
allow read: if isAuthenticated();
allow write: if isAdmin();
}
// Standalone RM Exam Attempts - users can manage their own attempts, admins can read all, allow server-side operations
match /standaloneRMAttempts/{attemptId} {
allow read: if isAuthenticated() || isAdmin() || request.auth == null; // Allow server-side reads
allow create, update: if isAuthenticated() || request.auth == null; // Allow server-side writes
allow delete: if isAdmin();
}
// Default deny all other documents
match /{document=**} {
allow read, write: if false;
}
}
}