InventoryMgmt/firebase-rules.json at master · FirstBuild/InventoryMgmt · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
{
  "rules": {
    "users": {
      "$userId": {
        ".read": "$userId === auth.uid",
        // grants write access to the owner of this user account
        // whose uid must exactly match the key ($user_id)
        ".write": "$userId === auth.uid",
        ".validate": "newData.hasChildren(['provider', 'displayName', 'rootContainer'])",
        "displayName": {
          ".validate": "newData.isString()"
        },
        "email": {
          ".validate": "newData.val() === auth.email"
        },
        "provider": {
          ".validate": "newData.val() == 'password'"
        },
        "rootContainer": {
            ".validate": "root.child('containers/' + newData.val()).exists()"
        }
      }
    },
    "containers": {
      ".read": "auth !== null",
      // haven't locked down writes yet, but you do need to be authenticated
      ".write": "auth !== null",
      "$container_id": {
        // a valid container must have attributes "owner", "parent", and "name"
        ".validate": "newData.hasChildren(['owner', 'parent', 'name'])",
        "owner": {
          // allow creation of a root container without a valid owner entry
          // as each user requires a root container and it would create a
          // circular dependency if each required the other
          ".validate": "(newData.parent().child('parent').val() === false) ||root.child('/users/' + newData.val()).exists()"
        },
        "name": {
          ".validate": "newData.isString()"
        },
        "parent": {
          ".validate": "newData.val() === false || root.child('containers/' + newData.val()).exists()"
        },
        // optional attributes below
        "children": {
          "$childId": {
            ".validate": "root.child('containers/' + $childId).exists()"
          }
        },
        "description": {
          ".validate": "newData.isString() || newData.val() === null"
        },
        "objects": {
          "$objectId": {
            ".validate": "root.child('objects/' + $objectId).exists() && newData.val() === true"
          }
        }
      }
    },
    "objects": {
      ".read": "auth !== null",
      // haven't locked down writes yet, but you do need to be authenticated
      ".write": "auth !== null",
      "$objectId": {
        // a valid container must have attributes "container" and "data"
        ".validate": "newData.hasChildren(['container', 'data'])",
        "container": {
          ".validate": "root.child('containers/' + newData.val()).exists()"
        },
        "data": {
          ".validate": "newData.exists()"
        }
      }
    }
  }
}