@@ -3,24 +3,49 @@ service cloud.firestore {
33 match /databases/{database}/documents {
44 function iAm(userId) { return request != null && request.auth != null && request.auth.uid == userId }
55 function onlyAllowedUpdatedFields(allowedFieldNames) {
6+ return allowedFieldNames != null
7+ && request != null
8+ && request.resource != null
9+ && request.resource.data != null
10+ && resource != null
11+ && resource.data != null
12+ && request.resource.data.diff(resource.data).affectedKeys().hasOnly(allowedFieldNames)
13+ && request.resource.data.diff(resource.data).addedKeys().hasOnly(allowedFieldNames)
14+ // return debug('allowedFieldNames != null')!=null && debug(allowedFieldNames != null)!=null && allowedFieldNames != null
15+ // && debug('request != null')!=null && debug(request != null)!=null && request != null
16+ // && debug('request.resource != null')!=null && debug(request.resource != null)!=null && request.resource != null
17+ // && debug('request.resource.data != null')!=null && debug(request.resource.data != null)!=null && request.resource.data != null
18+ // && debug('resource != null')!=null && debug(resource != null)!=null && resource != null
19+ // && debug('resource.data != null')!=null && debug(resource.data != null)!=null && resource.data != null
20+ // && debug('request.resource.data.diff(resource.data).affectedKeys().hasOnly(allowedFieldNames)')!=null && debug(request.resource.data.diff(resource.data).affectedKeys().hasOnly(allowedFieldNames))!=null && request.resource.data.diff(resource.data).affectedKeys().hasOnly(allowedFieldNames)
21+ // && debug('request.resource.data.diff(resource.data).addedKeys().hasOnly(allowedFieldNames)')!=null && debug(request.resource.data.diff(resource.data).addedKeys().hasOnly(allowedFieldNames))!=null && request.resource.data.diff(resource.data).addedKeys().hasOnly(allowedFieldNames)
22+ // return allowedFieldNames != null
23+ // && request != null
24+ // && request.resource != null
25+ // && request.resource.data != null
26+ // && request.resource.data.diff({}).affectedKeys().hasOnly(allowedFieldNames)
27+ // && request.resource.data.diff({}).addedKeys().hasOnly(allowedFieldNames);
28+ // return debug('allowedFieldNames != null')!=null && debug(allowedFieldNames != null)!=null && allowedFieldNames != null
29+ // && debug('request != null')!=null && debug(request != null)!=null && request != null
30+ // && debug('request.resource != null')!=null && debug(request.resource != null)!=null && request.resource != null
31+ // && debug('request.resource.data != null')!=null && debug(request.resource.data != null)!=null && request.resource.data != null
32+ // && debug('request.resource.data.diff({})')!=null && debug(request.resource.data.diff({}))!=null
33+ // && debug('request.resource.data.diff({}).affectedKeys().hasOnly(allowedFieldNames)')!=null && debug(request.resource.data.diff({}).affectedKeys().hasOnly(allowedFieldNames))!=null && request.resource.data.diff({}).affectedKeys().hasOnly(allowedFieldNames)
34+ // && debug('request.resource.data.diff({}).addedKeys().hasOnly(allowedFieldNames)')!=null && debug(request.resource.data.diff({}).addedKeys().hasOnly(allowedFieldNames))!=null && request.resource.data.diff({}).addedKeys().hasOnly(allowedFieldNames)
35+ }
36+ function onlyAllowedCreatedFields(allowedFieldNames) {
637 return allowedFieldNames != null
738 && request != null
839 && request.resource != null
940 && request.resource.data != null
10- && resource != null
11- && resource.data != null
12- && resource.data.diff(request.resource.data).affectedKeys().hasOnly(allowedFieldNames)
41+ && request.resource.data.diff({}).affectedKeys().hasOnly(allowedFieldNames)
1342 }
1443
1544 // By default, prevent reads & writes on any node
1645 match /{document=**} {
1746 allow read, write: if false;
1847 }
1948
20- match /event-family-tokens/{familyId} {
21- allow read, write: if false;
22- }
23-
2449 match /public-tokens/{publicSecretToken} {
2550 allow get: if true;
2651 allow list, write: if false;
@@ -76,7 +101,7 @@ service cloud.firestore {
76101 match /ratings/{talkId} {
77102 allow read, write: if false;
78103 }
79- match /daily-ratings/{dayIf } {
104+ match /daily-ratings/{dayId } {
80105 allow read, write: if false;
81106 }
82107 }
@@ -102,42 +127,134 @@ service cloud.firestore {
102127 }
103128 }
104129
130+ match /spaces/{spaceId} {
131+ allow get: if true;
132+ allow list, write: if false;
133+
134+ match /events/{event} {
135+ allow read: if true;
136+ allow write: if false;
137+
138+ match /days/{dayId} {
139+ allow read: if true;
140+ allow write: if false;
141+ }
142+
143+ match /event-descriptor/self {
144+ allow get: if true;
145+ allow list, write: if false;
146+ }
147+
148+ match /talksStats/{talkId} {
149+ allow read: if true;
150+ allow write: if false;
151+ }
152+ match /talksStats-slowPaced/{talkId} {
153+ allow read: if true;
154+ allow write: if false;
155+ }
156+ match /talksStats-allInOne/self {
157+ allow get: if true;
158+ allow list, write: if false;
159+ }
160+ match /roomsStats-allInOne/self {
161+ allow get: if true;
162+ allow list, write: if false;
163+ }
164+
165+ match /organizer-space/{secretOrganizerToken} {
166+ allow get: if true;
167+ allow list, write: if false;
168+
169+ match /ratings/{talkId} {
170+ allow read, write: if false;
171+ }
172+ match /daily-ratings/{dayId} {
173+ allow read, write: if false;
174+ }
175+ }
176+
177+ match /last-updates/self {
178+ allow get: if true;
179+ allow list, write: if false;
180+ }
181+
182+ match /talks/{talkId} {
183+ allow read: if true;
184+ allow write: if false;
185+
186+ match /feedbacks-access/{secretFeedbackViewerToken} {
187+ allow get: if true;
188+ allow list, write: if false;
189+
190+ match /feedbacks/{userPublicToken} {
191+ allow read: if true;
192+ allow write: if false;
193+ }
194+ }
195+ }
196+ }
197+ }
198+
105199 match /users/{userId} {
106- allow list, create, delete: if false;
200+ allow list, delete: if false;
107201 allow get: if iAm(userId);
202+ allow create: if iAm(userId) && onlyAllowedCreatedFields(["userLastConnection"]);
108203 allow update: if iAm(userId) && onlyAllowedUpdatedFields(["userLastConnection"]);
109204
110205 match /preferences/self {
111206 allow get, create, update: if iAm(userId);
112207 allow delete, list: if false;
113208 }
209+ /* Legacy node: but kept for backward compatibility until every users have migrated their tokens-wallet
210+ (this can take a lot of time)
211+ */
114212 match /tokens-wallet/self {
115- allow get, create, update : if iAm(userId);
116- allow delete, list : if false;
213+ allow get, delete : if iAm(userId);
214+ allow list, create, update : if false;
117215 }
118216 match /events/{eventId} {
119- allow get, list, create, update : if iAm(userId);
120- allow delete: if false;
217+ allow get, list: if iAm(userId);
218+ allow delete, create, update : if false;
121219
122- // TODO: Remove it once Devoxx BE is over
123- match /__computed/self {
124- allow get: if iAm(userId);
125- allow list, write: if false;
126- }
127220 match /talksNotes/{talkId} {
128221 allow get, list, create, update: if iAm(userId);
129222 allow delete: if false;
130223 }
131224 match /days/{dayId} {
132- allow get, list, create, update : if iAm(userId);
133- allow delete: if false;
225+ allow get, list: if iAm(userId);
226+ allow delete, create, update : if false;
134227
135228 match /feedbacks/self {
136229 allow get, create, update: if iAm(userId);
137230 allow list, delete: if false;
138231 }
139232 }
140233 }
234+
235+ match /spaces/{spaceId} {
236+ allow get, list: if iAm(userId);
237+ allow delete, create, update: if false;
238+
239+ match /events/{eventId} {
240+ allow get, list: if iAm(userId);
241+ allow delete, create, update: if false;
242+
243+ match /talksNotes/{talkId} {
244+ allow get, list, create, update: if iAm(userId);
245+ allow delete: if false;
246+ }
247+ match /days/{dayId} {
248+ allow get, list: if iAm(userId);
249+ allow delete, create, update: if false;
250+
251+ match /feedbacks/self {
252+ allow get, create, update: if iAm(userId);
253+ allow list, delete: if false;
254+ }
255+ }
256+ }
257+ }
141258 }
142259 }
143260}
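Review bot: The new `allow create` on `/users/{userId}` restricts only which keys a client may write: `onlyAllowedCreatedFields` checks `request.resource.data.diff({}).affectedKeys().hasOnly(allowedFieldNames)`, and nothing constrains the type or size of `userLastConnection`, so a signed-in user can create their own user document with an arbitrary value in that field, or with no fields at all, since `hasOnly` accepts an empty set. The existing `allow update` line next to it has the same gap. I would add a type check to both rules, e.g. `&& request.resource.data.userLastConnection is string` (or `is timestamp`, whichever the client actually writes; that is not visible in this diff). Separately, the `organizer-space/{secretOrganizerToken}` and `feedbacks-access/{secretFeedbackViewerToken}` matches make the document ID the only credential (`allow get: if true`), so it is worth confirming that these tokens are high-entropy, generated server-side, and not stored in any of the publicly readable documents added under `/spaces/{spaceId}/events/{event}`.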