not allowing to create/update user-level space/event/day entries

fcamblor · fcamblor · commit 90790febb9fe · 2024-10-28T19:00:17.000+01:00
diff --git a/cloud/firestore/firestore.default.rules b/cloud/firestore/firestore.default.rules
@@ -180,20 +180,20 @@ service cloud.firestore {
          (this can take a lot of time)
        */
       match /tokens-wallet/self {
-        allow get, create, update, delete: if iAm(userId);
-        allow list: if false;
+        allow get, delete: if iAm(userId);
+        allow list, create, update: if false;
       }
       match /events/{eventId} {
-        allow get, list, create, update: if iAm(userId);
-        allow delete: if false;
+        allow get, list: if iAm(userId);
+        allow delete, create, update: if false;
 
         match /talksNotes/{talkId} {
           allow get, list, create, update: if iAm(userId);
           allow delete: if false;
         }
         match /days/{dayId} {
-          allow get, list, create, update: if iAm(userId);
-          allow delete: if false;
+          allow get, list: if iAm(userId);
+          allow delete, create, update: if false;
 
           match /feedbacks/self {
             allow get, create, update: if iAm(userId);
@@ -203,20 +203,20 @@ service cloud.firestore {
       }
 
       match /spaces/{spaceId} {
-        allow get, list, create, update: if iAm(userId);
-        allow delete: if false;
+        allow get, list: if iAm(userId);
+        allow delete, create, update: if false;
 
         match /events/{eventId} {
-          allow get, list, create, update: if iAm(userId);
-          allow delete: if false;
+          allow get, list: if iAm(userId);
+          allow delete, create, update: if false;
 
           match /talksNotes/{talkId} {
             allow get, list, create, update: if iAm(userId);
             allow delete: if false;
           }
           match /days/{dayId} {
-            allow get, list, create, update: if iAm(userId);
-            allow delete: if false;
+            allow get, list: if iAm(userId);
+            allow delete, create, update: if false;
 
             match /feedbacks/self {
               allow get, create, update: if iAm(userId);
diff --git a/cloud/firestore/firestore.default.rules.spec.ts b/cloud/firestore/firestore.default.rules.spec.ts
@@ -792,8 +792,8 @@ const COLLECTIONS: CollectionDescriptor[] = [{
     tests: (userContext: UserContext) => {
       ensureCollectionFollowAccessPermissions('/users/{userId}/tokens-wallet/self', userContext,
         {
-          get: userContext.name === 'fred user', update: userContext.name === 'fred user',
-          createDoc: userContext.name === 'fred user', delete: userContext.name === 'fred user',
+          get: userContext.name === 'fred user', update: false,
+          createDoc: false, delete: userContext.name === 'fred user',
           list: false, createNew: false,
         }, 'fred')
 
@@ -841,9 +841,9 @@ const COLLECTIONS: CollectionDescriptor[] = [{
     tests: (userContext: UserContext) => {
       ensureCollectionFollowAccessPermissions('/users/{userId}/spaces/{spaceId}', userContext,
         {
-          get: userContext.name === 'fred user', update: userContext.name === 'fred user',
-          createDoc: userContext.name === 'fred user',
-          list: userContext.name === 'fred user', delete: false, createNew: userContext.name === 'fred user',
+          get: userContext.name === 'fred user', update: false,
+          createDoc: false,
+          list: userContext.name === 'fred user', delete: false, createNew: false,
         }, 'fred')
 
       ensureCollectionFollowAccessPermissions('/users/{userId}/spaces/{spaceId}', userContext,
@@ -868,9 +868,9 @@ const COLLECTIONS: CollectionDescriptor[] = [{
       ensureCollectionFollowAccessPermissions(`/users/{userId}/${eventFirestorePath(space.id)}`, userContext,
         {
           delete: false,
-          get: userContext.name === 'fred user', update: userContext.name === 'fred user',
-          list: userContext.name === 'fred user', createDoc: userContext.name === 'fred user',
-          createNew: userContext.name === 'fred user',
+          get: userContext.name === 'fred user', update: false,
+          list: userContext.name === 'fred user', createDoc: false,
+          createNew: false,
         }, 'fred')
 
       ensureCollectionFollowAccessPermissions(`/users/{userId}/${eventFirestorePath(space.id)}`, userContext,
@@ -924,9 +924,9 @@ const COLLECTIONS: CollectionDescriptor[] = [{
       ensureCollectionFollowAccessPermissions(`/users/{userId}/${eventFirestorePath(space.id)}/days/{dayId}`, userContext,
         {
           delete: false,
-          get: userContext.name === 'fred user', update: userContext.name === 'fred user',
-          list: userContext.name === 'fred user', createDoc: userContext.name === 'fred user',
-          createNew: userContext.name === 'fred user',
+          get: userContext.name === 'fred user', update: false,
+          list: userContext.name === 'fred user', createDoc: false,
+          createNew: false,
         }, 'fred')
 
       ensureCollectionFollowAccessPermissions(`/users/{userId}/${eventFirestorePath(space.id)}/days/{dayId}`, userContext,
