firebase-rules.json
{
"rules": {
// Firebase Realtime Database security rules.
// .read/.write grants cascade to every child path and cannot be revoked deeper in the tree;
// a path with no matching grant is denied. `true` means anyone, including unauthenticated clients.
"users": {
".indexOn": ["userSince"],
"$uid": {
// Owner-only by default: a signed-in user may read and write everything under their own
// /users/$uid. The nested rules below only add further grants on top of this.
".read": "$uid === auth.uid",
".write": "$uid === auth.uid",
// Exception for some public user info: displayName is readable by anyone, signed in or not.
"user": {
"displayName": {
".read": true
}
},
// Shared tags/notes. The share list is stored on the sharer's own docs (share/<recipientUid>),
// and within this file only the owner has write access to these paths.
"tags": {
"$tagId": {
// kind of the canonical data
// Readable by a user whose uid has an entry under this tag's share/ child.
".read": "data.child('/share/' + auth.uid).exists()"
}
},
"nuts": {
"$nutId": {
// duplicated by sharer client for ease of security rule checking
// NOTE(review): because the share entry is copied per note by the client, revoking a tag share
// presumably also requires removing the copy on every note - confirm the client does this.
".read": "data.child('/share/' + auth.uid).exists()"
}
},
// Inbox for share invites (set by sharer on recipient's object): any signed-in user may write
// under /users/<recipient>/sharedWithMe/tags/<their own uid>.
"sharedWithMe": {
"tags": {
"$sharerUid": {
// will contain tag id -> permissions (permissions match: /(r|w|x|d)\??/)
// NOTE(review): no .validate enforces that format or bounds the size, so any authenticated
// account can store arbitrary data here on any other user's object. Consider adding a
// .validate for the values and treating this subtree as untrusted input in the client.
".write": "$sharerUid === auth.uid"
}
}
}
}
},
// Lookup from email key to uid.
// NOTE(review): ".read": true on the parent exposes the whole email -> uid map to anyone,
// including unauthenticated clients, so the full list of addresses can be read in one request.
// Consider moving the read grant down to "$email" so only a known address can be looked up.
"emailToId": {
".read": true,
"$email": {
// Only checks that the value written is the caller's own uid. Deletes never match
// (newData.val() is null), so clients cannot remove an entry.
// NOTE(review): nothing here ties $email to the caller's verified address or protects an
// existing entry, so a signed-in user can register or overwrite any key with their own uid.
// Consider also requiring `!data.exists() || data.val() === auth.uid` and verifying address
// ownership before trusting this mapping for sharing.
".write": "newData.val() === auth.uid"
}
},
// This is for user's smart tags to be able to queue up emails to send. The .write rule requires
// the uid child of both the existing and the new record to be the caller's uid, so users can only
// create, change or delete their own records. That this limits mail to the user's own address
// depends on the sender resolving the recipient from uid - confirm in the sending process.
"queuedEmails": {
".indexOn": ["sendAt"],
".read": false,
"$emailInfo": {
".write": "(data.child('uid').val() === auth.uid || ! data.exists()) && (newData.child('uid').val() === auth.uid || ! newData.exists())",
// NOTE(review): only the presence of type/sendAt/subject/tagId and a numeric sendAt are checked.
// The types and lengths of type, subject and tagId are unconstrained and extra children are
// accepted, so the sender should treat every field as untrusted.
".validate": "newData.hasChildren(['type', 'sendAt', 'subject', 'tagId']) && newData.child('sendAt').isNumber()"
}
},
// Write-only drop box: no client can read it back.
// NOTE(review): ".write": true at the collection level lets anyone, including unauthenticated
// clients, overwrite or delete the entire feedback node, with no validation or size bound.
// Consider granting write on a "$feedbackId" child with "!data.exists()" plus a .validate.
"feedback": {
".read": false,
".write": true
},
// Publicly readable, never writable by clients (presumably maintained through the console or
// an admin SDK, which bypass these rules).
"newFeatures": {
".read": true,
".write": false
},
"newFeatureCount": {
".read": true,
".write": false
}
}
}