me/parandum
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow users to leave groups if not owner

Browse Source
This commit is contained in:
Matthew Grove
2021-11-24 19:05:50 +00:00
parent a15032f2a1
commit 94e4bd9d43
3 changed files with 656 additions and 580 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
firestore.rules
View File

@@ -94,7 +94,8 @@ service cloud.firestore {
return [requiredFields, allFields]; return [requiredFields, allFields];
} }
allow read, delete: if isSignedIn() && (isSignedInUser() || getGroupRole(groupId) == "owner" || isAdmin()); // is current user's data or is owner of group or is admin allow read: if isSignedIn() && (isSignedInUser() || getGroupRole(groupId) == "owner" || isAdmin()); // is current user's data or is owner of group or is admin
allow delete: if isSignedIn() && ((isSignedInUser() && getGroupRole(groupId) != "owner") || (!isSignedInUser() && getGroupRole(groupId) == "owner") || isAdmin())
allow create: if isSignedIn() && isSignedInUser() && (getRequestField("role", "") == "member" || (isAdmin() && verifyGroupFieldTypes())) && verifyCreateFields(getPossibleGroupFields()); allow create: if isSignedIn() && isSignedInUser() && (getRequestField("role", "") == "member" || (isAdmin() && verifyGroupFieldTypes())) && verifyCreateFields(getPossibleGroupFields());
allow update: if isSignedIn() && allow update: if isSignedIn() &&
(getGroupRole(groupId) == "owner" || isAdmin()) && (getGroupRole(groupId) == "owner" || isAdmin()) &&

1199
src/GroupPage.js
View File

File diff suppressed because it is too large Load Diff

28
test/firestore.test.js
View File

@@ -117,18 +117,42 @@ describe("Parandum Firestore database", () => {
await firebase.assertSucceeds(testDoc.get()); await firebase.assertSucceeds(testDoc.get());
}); });
it("Can delete current user's groups", async () => { it("Can delete current user's groups when not group owner", async () => {
const admin = getAdminFirestore();
await admin.collection("users").doc(myId).collection("groups").doc(groupOne).set({ role: "member" });
const db = getFirestore(myAuth); const db = getFirestore(myAuth);
const testDoc = db.collection("users").doc(myId).collection("groups").doc(groupOne); const testDoc = db.collection("users").doc(myId).collection("groups").doc(groupOne);
await firebase.assertSucceeds(testDoc.delete()); await firebase.assertSucceeds(testDoc.delete());
}); });
it("Can't delete other users' groups", async () => { it("Can't delete current user's groups when group owner", async () => {
const admin = getAdminFirestore();
await admin.collection("users").doc(myId).collection("groups").doc(groupOne).set({ role: "owner" });
const db = getFirestore(myAuth);
const testDoc = db.collection("users").doc(myId).collection("groups").doc(groupOne);
await firebase.assertFails(testDoc.delete());
});
it("Can't delete other users' groups when not group owner", async () => {
const admin = getAdminFirestore();
await admin.collection("users").doc(myId).collection("groups").doc(groupOne).set({ role: "member" });
const db = getFirestore(myAuth); const db = getFirestore(myAuth);
const testDoc = db.collection("users").doc(theirId).collection("groups").doc(groupOne); const testDoc = db.collection("users").doc(theirId).collection("groups").doc(groupOne);
await firebase.assertFails(testDoc.delete()); await firebase.assertFails(testDoc.delete());
}); });
it("Can delete other users' groups when group owner", async () => {
const admin = getAdminFirestore();
await admin.collection("users").doc(myId).collection("groups").doc(groupOne).set({ role: "owner" });
const db = getFirestore(myAuth);
const testDoc = db.collection("users").doc(theirId).collection("groups").doc(groupOne);
await firebase.assertSucceeds(testDoc.delete());
});
it("Can delete other users' groups when admin", async () => { it("Can delete other users' groups when admin", async () => {
const db = getFirestore(myAdminAuth); const db = getFirestore(myAdminAuth);
const testDoc = db.collection("users").doc(theirId).collection("groups").doc(groupOne); const testDoc = db.collection("users").doc(theirId).collection("groups").doc(groupOne);