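rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // ---- Helper functions for validation ----

    // Price is a number strictly between 0 and 10000.
    function isValidPrice(price) {
      return price is number && price > 0 && price < 10000;
    }

    // Breed codes accepted by this ruleset.
    function isValidBreed(breed) {
      return breed in ['CB', 'BV'];
    }

    // Quality grades accepted by this ruleset.
    function isValidQuality(quality) {
      return quality in ['A', 'B', 'C'];
    }

    // Market identifier: a non-empty string shorter than 100 characters.
    function isValidMarket(market) {
      return market is string && market.size() > 0 && market.size() < 100;
    }

    // Every field of a cocoon price document passes the validators above.
    // Used on create AND update so no field can be set out of range later.
    function isValidCocoonPrice(data) {
      return isValidPrice(data.pricePerKg)
        && isValidBreed(data.breed)
        && isValidQuality(data.quality)
        && isValidMarket(data.market);
    }

    // ---- Identity helpers ----
    // Roles come from the `role` custom claim on request.auth.token.
    // A missing claim makes the comparison error out, which denies the request.

    function hasRole(role) {
      return request.auth != null && request.auth.token.role == role;
    }

    function isSuperAdmin() {
      return hasRole('super_admin');
    }

    function isMarketAdmin() {
      return hasRole('market_admin');
    }

    function isSystem() {
      return hasRole('system');
    }

    // Either admin role (used where super and market admins are treated alike).
    function isAnyAdmin() {
      return request.auth != null
        && request.auth.token.role in ['super_admin', 'market_admin'];
    }

    // Super admins may write to any market; market admins only to the
    // market named in their `market` claim.
    function canWriteToMarket(market) {
      return isSuperAdmin() || (isMarketAdmin() && request.auth.token.market == market);
    }

    // Signed-in caller whose uid equals the given owner id.
    function isOwner(userId) {
      return request.auth != null && request.auth.uid == userId;
    }

    // Cocoon Prices - Read access for all, write for authenticated admins only
    match /cocoonPrices/{priceId} {
      allow read: if true; // Public read access for price information
      allow create: if canWriteToMarket(request.resource.data.market)
        && isValidCocoonPrice(request.resource.data);
      // Update is checked against both the stored market (resource.data) and
      // the market in the written document (request.resource.data). Checking
      // only the written value would let a market admin take over a document
      // of another market by rewriting its `market` field. The whole document
      // is re-validated, not just the price.
      allow update: if canWriteToMarket(resource.data.market)
        && canWriteToMarket(request.resource.data.market)
        && isValidCocoonPrice(request.resource.data);
      allow delete: if isSuperAdmin();
    }

    // Markets - Read access for all, write for super admins only
    match /markets/{marketId} {
      allow read: if true; // Public read access
      allow write: if isSuperAdmin();
    }

    // Breeds - Read access for all, write for super admins only
    match /breeds/{breedId} {
      allow read: if true; // Public read access
      allow write: if isSuperAdmin();
    }

    // Push Tokens - Allow anyone to create, but only admins to read
    // NOTE(review): create is unauthenticated and unvalidated, so any client
    // can write documents of arbitrary shape here; the token document schema
    // is not visible in this file. Consider constraining the written fields
    // once the schema is confirmed. No update or delete is granted.
    match /pushTokens/{token} {
      allow create: if true;
      allow read: if isAnyAdmin();
    }

    // Price Alerts - User can only access their own alerts
    match /priceAlerts/{alertId} {
      allow read, delete: if isOwner(resource.data.userId);
      // The stored owner must be the caller AND the written document must keep
      // the caller as owner, so an alert cannot be reassigned to another uid.
      allow update: if isOwner(resource.data.userId)
        && request.resource.data.userId == request.auth.uid;
      allow create: if isOwner(request.resource.data.userId);
    }

    // Daily Summaries - Read access for all, write for admins or system
    match /dailySummaries/{summaryId} {
      allow read: if true; // Public read access
      allow write: if isSuperAdmin() || isSystem();
    }

    // Notifications - Read access for all, write for admins only
    match /notifications/{notificationId} {
      allow read: if true; // Public read access for all users
      allow create: if isAnyAdmin();
      allow update: if isSuperAdmin();
      allow delete: if isSuperAdmin();
    }

    // Default rule - deny all other access.
    // Firestore already denies any request no `allow` matches; this block
    // makes that explicit. It never overrides an allow above, since rules
    // grant access if any matching allow evaluates to true.
    match /{document=**} {
      allow read, write: if false;
    }
  }
}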