-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathdatabase.rules.json
More file actions
64 lines (64 loc) · 3.65 KB
/
database.rules.json
File metadata and controls
64 lines (64 loc) · 3.65 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
{
"rules": {
// only admin users can read/write to the whole database. Most creation attempts will be evaluated here
".read": "auth !== null && data.child('users').child(auth.uid).child('admin').val() === true",
".write": "auth !== null && data.child('users').child(auth.uid).child('admin').val() === true",
"canvases": {
"$canvas": {
// users can read all info on canvases they are assigned to
".read": "auth !== null && data.child('users').child(auth.uid).exists()",
"elements": {
"$element": {
// users can write to elements on canvases they are assigned to
".write": "auth !== null && data.parent().parent().child('users').child(auth.uid).exists()",
"image":{ ".validate": "!newData.exists() || newData.isString()" }, // image field is a string
"module":{ ".validate": "!newData.exists() || newData.isString()" }, // module field is a string
"position":{
"x": { ".validate": "!newData.exists() || newData.isNumber()" }, // x field is a number
"y": { ".validate": "!newData.exists() || newData.isNumber()" } // y field is a number
},
"rotation": { ".validate": "!newData.exists() || newData.isNumber()" }, // rotation field is a number
"size":{
"height":{ ".validate": "!newData.exists() || (newData.isNumber() && newData.val() > 0 && newData.val() < 1250)" }, // height field is a number
"width":{ ".validate": "!newData.exists() || (newData.isNumber() && newData.val() > 0 && newData.val() < 1830)" } // width field is a number
}
}
},
"users": { ".write": false }, // users cannot modify a canvas's user list
"orientation":{
// orientation must match 'overhead' or 'side'
".validate": "newData.exists() && newData.isString() && (newData.val() === 'overhead' || newData.val() === 'side')",
".write": "auth !== null && data.parent().child('users').child(auth.uid).exists() && newData.exists()"
},
"owner": { ".write": false }, // users cannot modify a canvas's owner
"$canvasItem": {
// users can create/modify any other field on the canvas if they are in the users list
".write": "auth !== null && data.parent().child('users').child(auth.uid).exists() && newData.exists()"
}
}
},
"users": {
"$uid": {
".read": "auth !== null && $uid === auth.uid", // users can only read their own user data
"admin": { ".write": false }, // users cannot modify the admin flag on their account
"canvases": {
"$canvasItem":{
// users can only modify the values in their canvas list
".write": "auth !== null && $uid === auth.uid && data.exists() && newData.exists()",
".validate": "newData.isString() || newData.isBoolean()" // canvas entry should be a string/bool
}
},
"email":{ ".write": false }, // users cannot modify the email associated with their account
"emailVerified":{ ".write": false }, //users cannot modify whether their email has been verified
"photoUrl":{ ".write": false }, //users cannot modify their photo url
"providerData": { ".write": false }, // users cannot modify the data provided by their Auth provider
"providerID": { ".write": false }, // users cannot modify the ID of their data provider
"$userItem": {
// users can create/modify any of the other fields on their user item
".write": "auth !== null && $uid === auth.uid && newData.exists()"
}
},
".indexOn":["email"]
}
}
}