Smart-AgroX/firestore.rules at main · Sapavat-A/Smart-AgroX · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Allow authenticated users to read and write their own profile
    match /users/{userId} {
      allow read, write: if request.auth != null && request.auth.uid == userId;
    }

    // Allow authenticated users to read and write their own data
    match /soil-data/{document=**} {
      allow read: if request.auth != null;
      allow write: if request.auth != null && request.resource.data.userId == request.auth.uid;
    }

    match /crop-recommendations/{document=**} {
      allow read: if request.auth != null;
      allow write: if request.auth != null && request.resource.data.userId == request.auth.uid;
    }

    // Add explicit permissions for irrigation plans
    match /irrigation-plans/{document=**} {
      allow read: if request.auth != null;
      allow create: if request.auth != null && request.resource.data.userId == request.auth.uid;
      allow update, delete: if request.auth != null &&
                            (resource.data.userId == request.auth.uid) &&
                            (request.resource.data.userId == request.auth.uid);
    }

    // Updated permissions for farms - More permissive
    match /farms/{farmId} {
      // Allow any authenticated user to read farm data
      allow read: if request.auth != null;

      // Allow authenticated users to create farms
      allow create: if request.auth != null;

      // Allow users to update and delete their own farms
      allow update, delete: if request.auth != null &&
                            (resource.data.userId == request.auth.uid ||
                             request.resource.data.userId == request.auth.uid);
    }

    // NDVI Analysis collection permissions
    match /ndvi-analysis/{document=**} {
      allow read: if request.auth != null;
      allow create: if request.auth != null && request.resource.data.userId == request.auth.uid;
      allow update, delete: if request.auth != null &&
                            (resource.data.userId == request.auth.uid) &&
                            (request.resource.data.userId == request.auth.uid);
    }

  }
}