database-rules.json
{
"rules": {
"groups": {
"$groupId": {
// Group members with READ permission and above can read it: the caller's level under
// permissions/<groupId>/<auth.uid> must be at least 10.
// The read covers the whole group node, including inviteLinkHash, the value the
// permissions rules compare against when an invited user adds themselves.
".read": "root.child('permissions/'+$groupId+'/'+auth.uid+'/level').val() >= 10",
// Only group members with OWNER permission and above (level >= 30) can edit it.
// NOTE(review): no ".validate" rule is visible in this file, so the shape of what an
// owner writes here (inviteLinkHash included) is not constrained by these rules.
".write": "root.child('permissions/'+$groupId+'/'+auth.uid+'/level').val() >= 30"
}
},
"permissions": {
"$groupId": {
// Only group members with READ permission and above (level >= 10) can read it.
".read": "root.child('permissions/'+$groupId+'/'+auth.uid+'/level').val() >= 10",
// Group members with OWNER permission and above (level >= 30) can edit it, or a logged-in
// user can add new permissions while neither permissions/<groupId> nor groups/<groupId> exists yet.
// In that second case the rule places no limit on what is written under this node
// (which user ids, which levels), so the first writer decides the group's initial owners.
".write":"(auth !== null && !data.exists() && !root.child('groups/'+$groupId).exists()) || root.child('permissions/'+$groupId+'/'+auth.uid+'/level').val() >= 30",
"$userId":{
// A user can remove their own entry, or a new entry with level <= 20 (READ or WRITE) can be
// created when the inviteLinkHash stored under users/<auth.uid> equals the group's inviteLinkHash.
// The create branch does not compare $userId with auth.uid, so the new entry may be for any user id.
// A grant from the $groupId-level ".write" above also applies at this path; a child rule does not revoke it.
// NOTE(review): only an upper bound on level is checked and no ".validate" rule is visible in this file;
// confirm which other level values or extra children can be written through this branch.
// NOTE(review): if the group has no inviteLinkHash and the caller has none stored either, both
// .val() calls return null and the === comparison presumably passes - confirm, and consider
// also requiring the group's inviteLinkHash to be non-null.
".write":"(!newData.exists() && auth.uid === $userId) || (!data.exists() && newData.exists() && newData.child('level').val() <= 20 && root.child('groups/'+$groupId+'/inviteLinkHash').val() === root.child('users/'+auth.uid+'/inviteLinkHash').val())"
}
}
},
"users": {
"$userId": {
// Any signed-in user who knows the userId can read this whole node.
// NOTE(review): the permissions rules read users/<uid>/inviteLinkHash, so that value is readable
// by every signed-in user who knows the uid. If the hash is meant to act as a secret invite
// token, keep it in a node that only its owner can read.
".read": "auth !== null",
// User can change only their own user details.
".write": "auth.uid === $userId"
}
}
}