92 lines
3.0 KiB
Plaintext
92 lines
3.0 KiB
Plaintext
rules_version = '2';
|
|
service cloud.firestore {
|
|
match /databases/{database}/documents {
|
|
function isSignedIn() {
|
|
return request.auth != null;
|
|
}
|
|
|
|
function isAdmin() {
|
|
return request.auth.token.admin == true;
|
|
}
|
|
|
|
function verifyCreateFields(fields) {
|
|
return request.resource.data.keys().hasAll(fields[0]) && request.resource.data.keys().hasOnly(fields[1]);
|
|
}
|
|
|
|
function verifyUpdateFields(fields) {
|
|
let affectedKeys = request.resource.data.diff(resource.data).affectedKeys();
|
|
return affectedKeys.hasAll([]) && affectedKeys.hasOnly(fields[isAdmin() ? 0 : 1]);
|
|
}
|
|
|
|
function getRequestField(field, default_value) {
|
|
return request.resource.data.get(field, default_value);
|
|
}
|
|
|
|
function verifyBoolType(field) {
|
|
return getRequestField(field, true) is bool;
|
|
}
|
|
|
|
function verifyStringType(field) {
|
|
return getRequestField(field, "") is string;
|
|
}
|
|
|
|
function verifyEmptyArrayType(field) {
|
|
return getRequestField(field, []) == [];
|
|
}
|
|
|
|
match /first-aiders/{firstAider} {
|
|
function getPossibleFields() {
|
|
let nonAdminFields = ["address", "email", "phone", "qualificationId", "qualificationName"];
|
|
let adminFields = ["qualificationExpiry"];
|
|
|
|
let allFields = adminFields.concat(nonAdminFields);
|
|
return [nonAdminFields, allFields];
|
|
}
|
|
|
|
allow read: if request.auth.uid == firstAider;
|
|
allow update: if request.auth.uid == firstAider && verifyUpdateFields(getPossibleUpdateFields());
|
|
}
|
|
match /panic-events/{panicEvent} {
|
|
function getPossibleFields() {
|
|
let nonAdminFields = ["resolved"];
|
|
let adminFields = [];
|
|
|
|
let allFields = adminFields.concat(nonAdminFields);
|
|
return [nonAdminFields, allFields];
|
|
}
|
|
|
|
function isFirstAiderPresent(groupId) {
|
|
let eventFirstAiderData = get(/databases/$(database)/documents/panic-events/$(panicEvent)/linkedFirstAiders/$(request.auth.uid)).data;
|
|
return eventFirstAiderData.attending == true && eventFirstAiderData.present == true;
|
|
}
|
|
|
|
allow update: if isFirstAiderPresent();
|
|
allow read: if true;
|
|
|
|
match /linkedFirstAiders/{firstAider} {
|
|
function getPossibleFields() {
|
|
let nonAdminFields = ["attending", "present"];
|
|
let adminFields = [];
|
|
|
|
let allFields = adminFields.concat(nonAdminFields);
|
|
return [nonAdminFields, allFields];
|
|
}
|
|
|
|
allow read: if isSignedIn();
|
|
allow update: if request.auth.uid == firstAider && verifyUpdateFields(getPossibleUpdateFields());
|
|
}
|
|
}
|
|
match /patients/{patient} {
|
|
function getPossibleFields() {
|
|
let nonAdminFields = ["accessNotes", "address", "phone", "conditions", "email", "doNotResuscitate", "keysafeCode", "medication", "nextOfKinName", "nextOfKinPhone"];
|
|
let adminFields = [];
|
|
|
|
let allFields = adminFields.concat(nonAdminFields);
|
|
return [nonAdminFields, allFields];
|
|
}
|
|
|
|
allow read: if request.auth.uid == patient;
|
|
allow update: if request.auth.uid == patient && verifyUpdateFields(getPossibleUpdateFields());
|
|
}
|
|
}
|
|
} |