-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathfirestore.rules
More file actions
58 lines (49 loc) · 1.58 KB
/
Copy pathfirestore.rules
File metadata and controls
58 lines (49 loc) · 1.58 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
// Helper to check if a user is writing their own record
function isOwner(userId) {
return request.auth != null && request.auth.uid == userId;
}
// Agents: Anyone can read, only self can write
match /agents/{agentId} {
allow read: if true;
allow write: if true; // In prod: if isOwner(agentId);
}
// Offers: Anyone can read, only the provider can write
match /offers/{offerId} {
allow read: if true;
allow write: if true; // In prod: if request.resource.data.providerId == request.auth.uid;
}
// Requests: Anyone can read, only the consumer can write
match /requests/{requestId} {
allow read: if true;
allow create: if true;
allow update: if true; // Mostly for provider status updates, should be restricted
}
// Usage Proofs: Read-all, Write-only by provider or system
match /usage_proofs/{proofId} {
allow read: if true;
allow create: if true;
}
// Payments & Settlements: Immutable for users, system-only write
match /payments/{paymentId} {
allow read: if true;
allow write: if false;
}
match /settlements/{settlementId} {
allow read: if true;
allow write: if false;
}
// Datasets: Anyone can read, owner can write
match /datasets/{datasetId} {
allow read: if true;
allow write: if true;
}
// Aggregates: System only
match /aggregates/{docId} {
allow read: if true;
allow write: if false;
}
}
}