initial commit

Author: codediodeio

.firebaserc

@@ -0,0 +1,5 @@
+{
+  "projects": {
+    "default": "angularfirebase-267db"
+  }
+}

.gitignore

@@ -0,0 +1,65 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+firebase-debug.log*
+
+# Firebase cache
+.firebase/
+
+# Firebase config
+
+# Uncomment this if you'd like others to create their own Firebase project.
+# For a team working on the same Firebase project(s), it is recommended to leave
+# it commented so all members can deploy to the same project(s) in .firebaserc.
+# .firebaserc
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (http://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env

README.md

@@ -0,0 +1,3 @@
+# Episode 147 - Testing Firestore Rules with the Emulator
+
+Learn test your Firebase security rules using the new Firestore emulator.

firebase.json

@@ -0,0 +1,6 @@
+{
+  "firestore": {
+    "rules": "firestore.rules",
+    "indexes": "firestore.indexes.json"
+  }
+}

firestore.indexes.json

@@ -0,0 +1,3 @@
+{
+  "indexes": []
+}

firestore.rules

@@ -0,0 +1,30 @@
+service cloud.firestore {
+  match /databases/{database}/documents {
+
+    // Secure by default 
+    match /{document=**} {
+      allow read: if false;
+      allow write: if false;
+    }
+
+    // Unsecured Rules
+    match /posts/{docId} {
+      allow read, write;
+    }
+
+    // Secured to authenticated users
+    match /comments/{docId} {
+      allow read: if request.auth.uid != null;
+      allow write: if request.auth.uid == request.resource.data.userId;
+    }
+
+    // Role-based authorization
+    function getUserData() {
+      return get(/databases/$(database)/documents/users/$(request.auth.uid)).data
+    }
+    
+    match /projects/{docId} {
+      allow read, write: if getUserData().roles['admin'] == true || resource.data.members.hasAny([request.auth.uid])
+    }
+  }
+}