Untitled

mail@pastecode.io avatar
unknown
plain_text
3 years ago
1.7 kB
2
Indexable
Never
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
  
    // Scoped Functions

    function isAdmin() {
      return isSignedIn() && get(/databases/$(database)/documents/users/$(request.auth.uid)).data.roles.admin == true;
    }

    // End Scoped Functions

    // Rules

    match /products/{id} {
      allow read: if true;

      match /prices/{id} {
        allow read: if true;
      }

      match /tax_rates/{id} {
        allow read: if true;
      }
    }
    
    match /videos/{id} {
      allow read: if isSignedIn();
      allow write: if isAdmin();
    }
    
    match /workout-weeks/{id} {
      allow read: if isSignedIn();
      allow write: if isAdmin();
    }
    
    match /workout-exercises/{id} {
      allow read: if isSignedIn();
      allow write: if isAdmin();
    }

    match /users/{uid} {
      allow read, write: if
        belongsTo(uid) || isAdmin() //SEEMS TO FAIL HERE IN FE, BUT WORKS IN BE.
      ;
    }
    
    match /announcements/{id} {
      allow read: if isSignedIn();
      allow write: if isAdmin();
    }
    // End Rules
    
  }
}

// Global Functions
function isSignedIn() {
    return request.auth != null;
}
function belongsTo(uid) {
    return isSignedIn() && request.auth.uid == uid;
}
//function hasMonthlySub() {
    //return request.auth.token.subType == "monthly";
//}
//function hasYearlySub() {
    //return request.auth.token.subType == "yearly";
//}
//function isSubscribed() {
    //return hasMonthlySub() || hasYearlySub();
//}
//function existingData() {
    // return resource.data;
//}