-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathfirebaserules
More file actions
51 lines (51 loc) · 1.39 KB
/
firebaserules
File metadata and controls
51 lines (51 loc) · 1.39 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
// These rules grant access to a node matching the authenticated
// user's ID from the Firebase auth token
// Any authenticated user can read the data
// But only the creator of the data point can write
{
"rules": {
"DriverInfo": {
"$uid": {
".read": "auth != null",
".write": "$uid === auth.uid"
}
},
"UserInfo": {
"$uid": {
".read": "auth != null",
".write": "$uid === auth.uid"
}
},
"DriverLocations": {
"$key": {
".read": "auth != null",
"$uid": {
".read": "$uid === auth.uid",
".write": "$uid === auth.uid",
"geofire": {
".indexOn": "g" // For efficient querying of geofire
}
}
}
},
"ClientLocations": {
"$uid": {
".read": "auth != null",
".write": "$uid === auth.uid"
}
},
"PushTokens": {
"$uid": {
".read": "auth != null",
".write": "$uid === auth.uid"
}
},
"Jobs": {
"$jobId": {
// Check auth user is present and they are either the clientUid or driverUid. Only these 2 have full access
".read": "auth != null && (data.child('clientUid').val() === auth.uid || data.child('driverUid').val() === auth.uid)",
".write": "auth != null && (newData.child('clientUid').val() === auth.uid || newData.child('driverUid').val() === auth.uid)"
}
}
}
}