48 lines
1.8 KiB
Plaintext
48 lines
1.8 KiB
Plaintext
rules_version = '2';
|
|
service cloud.firestore {
|
|
match /databases/{database}/documents {
|
|
match /messages/{messageId} {
|
|
|
|
// anyone can read messages
|
|
allow read: if true;
|
|
|
|
// anyone can create a message
|
|
// text must exist and be under 240 characters
|
|
allow create: if
|
|
request.resource.data.text is string &&
|
|
request.resource.data.text.size() <= 240;
|
|
|
|
// the only update allowed is an echo
|
|
// echoCount and lastEchoAt fields can be changed
|
|
// this prevents anyone from editing the text of someone else's message
|
|
allow update: if
|
|
request.resource.data.diff(resource.data)
|
|
.affectedKeys().hasOnly(['echoCount', 'lastEchoAt']);
|
|
|
|
// nobody can delete messages through the client
|
|
allow delete: if false;
|
|
}
|
|
|
|
// --- global "memory counter" (GlobalCountPill) -------------------------
|
|
// a single shared doc, meta/stats, holding totalMessagesEverPosted.
|
|
// anyone can read it (it's shown to every visitor); writes are limited to
|
|
// just that one field, same "only these fields can change" pattern as the
|
|
// echoCount update rule above, so this doc can't be hijacked to store
|
|
// arbitrary data.
|
|
match /meta/stats {
|
|
allow read: if true;
|
|
|
|
// first-ever write: only the counter field, and it must be a number
|
|
allow create: if
|
|
request.resource.data.keys().hasOnly(['totalMessagesEverPosted']) &&
|
|
request.resource.data.totalMessagesEverPosted is number;
|
|
|
|
// every later write (increment(1)) may only touch that same field
|
|
allow update: if
|
|
request.resource.data.diff(resource.data).affectedKeys().hasOnly(['totalMessagesEverPosted']);
|
|
|
|
// nobody can delete the counter through the client
|
|
allow delete: if false;
|
|
}
|
|
}
|
|
} |