forked from manifoldmarkets/manifold
-
Notifications
You must be signed in to change notification settings - Fork 0
/
firestore.rules
106 lines (92 loc) · 4.46 KB
/
firestore.rules
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
rules_version = '2';
// To pick the right project: `firebase projects:list`, then `firebase use <project-name>`
// To deploy: `firebase deploy --only firestore:rules`
service cloud.firestore {
match /databases/{database}/documents {
function isAdmin() {
return request.auth.token.email in [
]
}
match /users/{userId} {
allow read;
allow update: if isAdmin();
allow update:
if userId == request.auth.uid
&& request.resource.data.diff(resource.data).affectedKeys()
.hasOnly(['bio', 'website', 'twitterHandle', 'discordHandle', 'shouldShowWelcome', 'hasSeenContractFollowModal', 'homeSections', 'optOutBetWarnings', 'hasSeenLoanModal', 'isAdvancedTrader']);
// delete user rules
allow update: if userId == request.auth.uid
&& request.resource.data.diff(resource.data).affectedKeys().hasOnly(['userDeleted', 'isBannedFromPosting'])
&& request.resource.data.userDeleted == true
&& request.resource.data.isBannedFromPosting == true;
// User referral rules
allow update: if userId == request.auth.uid
&& request.resource.data.diff(resource.data).affectedKeys()
.hasOnly(['referredByUserId', 'referredByContractId', 'referredByGroupId'])
// only one referral allowed per user
&& !("referredByUserId" in resource.data)
// user can't refer themselves
&& !(userId == request.resource.data.referredByUserId);
// quid pro quos enabled (only once though so nbd) - bc I can't make this work:
// && (get(/databases/$(database)/documents/users/$(request.resource.data.referredByUserId)).referredByUserId == resource.data.id);
match /events/{eventId} {
allow create: if (request.auth == null && userId == 'NO_USER') || userId == request.auth.uid;
allow read: if userId == request.auth.uid || userId == '_';
}
}
match /{somePath=**}/portfolioHistory/{portfolioHistoryId} {
allow read;
}
match /private-users/{userId} {
allow read: if userId == request.auth.uid || isAdmin();
allow update: if (userId == request.auth.uid || isAdmin())
&& request.resource.data.diff(resource.data).affectedKeys()
.hasOnly(['email', 'apiKey', 'notificationPreferences', 'twitchInfo', 'pushToken', 'rejectedPushNotificationsOn', 'blockedUserIds', 'blockedContractIds', 'blockedGroupSlugs','interestedInPushNotifications', 'hasSeenAppBannerInNotificationsOn', 'installedAppPlatforms','lastPromptedToEnablePushNotifications', 'paymentInfo']);
// Symmetric block rules
allow update: if (request.auth != null || isAdmin())
&& request.resource.data.diff(resource.data).affectedKeys()
.hasOnly(['blockedByUserIds'])
&& request.resource.data.blockedByUserIds.toSet().difference(resource.data.blockedByUserIds.toSet()).hasOnly([request.auth.uid]);
allow delete: if (userId == request.auth.uid || isAdmin());
}
match /contracts/{contractId} {
allow read: if isAdmin()
// allow read if contract is not private
allow read: if resource.data.visibility!='private';
allow update: if request.resource.data.diff(resource.data).affectedKeys()
.hasOnly(['description', 'question', 'coverImageUrl'])
&& resource.data.creatorId == request.auth.uid;
allow update: if isAdmin();
allow delete: if request.resource.data.creatorId == request.auth.uid || isAdmin();
}
match /{somePath=**}/bets/{betId} {
allow read;
}
match /{somePath=**}/liquidity/{liquidityId} {
allow read;
}
match /{somePath=**}/answers/{answerId} {
allow read;
}
match /{somePath=**}/answersCpmm/{answerId} {
allow read;
}
match /txns/{txnId} {
allow read;
}
match /refresh-all-clients/{id} {
allow read;
}
}
}