rules_version = '2'; service cloud.firestore { match /databases/{database}/documents { // Restaurants: // - Authenticated user can read // - Authenticated user can create/update (for demo) // - Validate updates // - Deletes are not allowed match /restaurants/{restaurantId} { allow read, create: if request.auth != null; allow update: if request.auth != null && request.resource.data.name == resource.data.name allow delete: if false; // Ratings: // - Authenticated user can read // - Authenticated user can create if userId matches // - Deletes and updates are not allowed match /ratings/{ratingId} { allow read: if request.auth != null; allow create: if request.auth != null && request.resource.data.userId == request.auth.uid; allow update, delete: if false; } } // MealPlannerUsers: // - Anyone can read // - Authenticated users can create and edit their account // - Deletes are not allowed match /mealPlannerUsers/{userID} { allow read: if true; allow create, update, write: if true; allow delete: if false; // Favs: // - Anyone can read // - Authenticated users can create and edit their account // - Deletes are not allowed match /favs/{favID} { allow read, create, update, write: if true; allow delete: if false; } } // Messages: // - Anyone can read. // - Authenticated users can add and edit messages. // - Validation: Check name is same as auth token and text length below 300 char or that imageUrl is a URL. // - Deletes are not allowed. match /messages/{messageId} { allow read; allow create, update: if request.auth != null && request.resource.data.name == request.auth.token.name && (request.resource.data.text is string && request.resource.data.text.size() <= 300 || request.resource.data.imageUrl is string && request.resource.data.imageUrl.matches('https?://.*')); allow delete: if false; } // FcmTokens: // - anyone can save its token // - access is forbidden match /fcmTokens/{tokenID} { allow write; allow read: if false; } // Users: DevBook app match /users/{userID} { allow read,write :if true; } } }