-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathfirestore.rules
More file actions
44 lines (39 loc) · 1.64 KB
/
firestore.rules
File metadata and controls
44 lines (39 loc) · 1.64 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
function isAdmin() {
return request.auth != null && (request.auth.token.admin == true || request.auth.token.email == 'admin@gmail.com');
}
match /routes/{routeId} {
allow read: if true;
allow write: if isAdmin();
}
match /agencies/{agencyId} {
allow read: if resource.data.is_verified == true || isAdmin() || request.auth.uid == agencyId;
allow create: if request.auth.uid == agencyId;
allow update: if isAdmin() || (
request.auth.uid == agencyId &&
request.resource.data.uid == resource.data.uid &&
request.resource.data.is_verified == resource.data.is_verified &&
request.resource.data.trial_expiry == resource.data.trial_expiry &&
request.resource.data.trial_start == resource.data.trial_start &&
request.resource.data.status == resource.data.status
);
allow delete: if isAdmin();
match /routes/{routeId} {
allow read: if isAdmin() || request.auth.uid == agencyId;
allow write: if isAdmin();
}
}
match /routePurchases/{purchaseId} {
allow read: if (resource.data.status == 'approved') || isAdmin() || request.auth.uid == resource.data.agency_uid;
allow list: if true; // Allow querying for approved purchases
allow create: if request.auth.uid == request.resource.data.agency_uid
&& get(/databases/$(database)/documents/agencies/$(request.auth.uid)).data.is_verified == true;
allow update, delete: if isAdmin();
}
match /otpRequests/{docId} {
allow read, write: if false;
}
}
}