Update db rules for new functionality

2021-08-08 22:14:34 +01:00
parent fc974dbc7e
commit ebf87082f1


@@ -52,9 +52,14 @@ service cloud.firestore {
return request.auth.uid == userId; return request.auth.uid == userId;
} }
function verifyThemeValue() {
let requestField = getRequestField("theme", "default");
return requestField == "default";
}
function verifyFieldTypes() { function verifyFieldTypes() {
return verifyBoolType("sound") && return verifyBoolType("sound") &&
verifyStringType("theme"); verifyThemeValue();
} }
function getPossibleFields() { function getPossibleFields() {
@@ -143,23 +148,38 @@ service cloud.firestore {
allow update: if isSignedIn() && request.auth.uid == resource.data.owner && verifyUpdateFields(getPossibleUpdateFields()) && verifyFieldTypes(); allow update: if isSignedIn() && request.auth.uid == resource.data.owner && verifyUpdateFields(getPossibleUpdateFields()) && verifyFieldTypes();
match /vocab/{vocabId} { match /vocab/{vocabId} {
function verifyVocabFieldTypes() { function verifySoundValue() {
return verifyStringType("term") && return getRequestField("sound", vocabId) == vocabId;
verifyStringType("sound") &&
verifyStringType("definition");
} }
function getPossibleVocabFields() { function verifyVocabFieldTypes() {
let requiredFields = ["term", "sound", "definition"]; return verifyStringType("term") &&
let optionalFields = []; verifyStringType("definition") &&
let allFields = requiredFields.concat(optionalFields); verifySoundValue();
return [requiredFields, allFields]; }
function getPossibleFields() {
let nonStaticFields = ["term", "definition"];
let staticFields = ["sound"];
let allFields = staticFields.concat(nonStaticFields);
return [nonStaticFields, allFields];
}
function getPossibleCreateFields() {
let fields = getPossibleFields();
return [fields[1], fields[1]];
}
function getPossibleUpdateFields() {
let fields = getPossibleFields();
return [[], fields[0]];
} }
allow read, delete: if isSignedIn() && isSetOwner(setId); allow read, delete: if isSignedIn() && isSetOwner(setId);
allow read: if isSignedIn() && isPublicSet(setId); allow read: if isSignedIn() && isPublicSet(setId);
allow create: if isSignedIn() && isSetOwner(setId) && verifyCreateFields(getPossibleVocabFields()) && verifyVocabFieldTypes(); allow create: if isSignedIn() && isSetOwner(setId) && verifyCreateFields(getPossibleCreateFields()) && verifyVocabFieldTypes();
allow update: if isSignedIn() && isSetOwner(setId) && verifyUpdateFields(getPossibleVocabFields()) && verifyVocabFieldTypes(); allow update: if isSignedIn() && isSetOwner(setId) && verifyUpdateFields(getPossibleUpdateFields()) && verifyVocabFieldTypes();
} }
} }
@@ -178,17 +198,13 @@ service cloud.firestore {
allow read: if isSignedIn() && isProgressUser(); allow read: if isSignedIn() && isProgressUser();
allow delete: if isSignedIn() && isProgressUser() && isNotComplete(); allow delete: if isSignedIn() && isProgressUser() && isNotComplete();
// NOTE: update and create disallowed as these are handled by Cloud Functions to ensure sound file Ids aren't altered to illegally access other files
// NOTE: disallow start_time update
match /terms/{vocabId} { match /terms/{vocabId} {
allow read: if isSignedIn() && isProgressUser() && !(isLanguageSwitched()); allow read: if isSignedIn() && isProgressUser() && !(isLanguageSwitched());
// NOTE: create handled by Cloud Functions
} }
match /definitions/{vocabId} { match /definitions/{vocabId} {
allow read: if isSignedIn() && isProgressUser() && isLanguageSwitched(); allow read: if isSignedIn() && isProgressUser() && isLanguageSwitched();
// NOTE: create handled by Cloud Functions
} }
} }
} }
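Review bot: In the second hunk, the new helpers inside `match /vocab/{vocabId}` are named `getPossibleFields` and `getPossibleUpdateFields`, names already used outside that block: the set-level `allow update` just above it calls `getPossibleUpdateFields()`, and the first hunk shows another `getPossibleFields`. Which definition a rule resolves to then depends on scoping. The vocab version is what keeps `sound` out of the updatable fields, so keeping the previous `Vocab` prefix would make the intent explicit, e.g. `function getPossibleVocabUpdateFields() {` together with `verifyUpdateFields(getPossibleVocabUpdateFields())`. A short comment on the returned pair, such as `// [required fields, allowed fields]`, would also help, because `[[], fields[0]]` is hard to read on its own. That ordering is inferred from the removed `[requiredFields, allFields]` and should be confirmed against `verifyCreateFields` and `verifyUpdateFields`, which are defined outside the visible hunks.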