WorkDesk/firestore.rules at main · Iyedchebbi/WorkDesk · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
rules_version = '2';

service cloud.firestore {
  match /databases/{database}/documents {

    // Helper to check authentication
    function isSignedIn() {
      return request.auth != null;
    }

    // Profile Rules:
    // Only the authenticated user can read or write their own profile document.
    match /profiles/{userId} {
      allow read, write: if isSignedIn() && request.auth.uid == userId;
    }

    match /projects/{projectId} {
      allow read, update, delete: if isSignedIn() && resource.data.userId == request.auth.uid;
      allow create: if isSignedIn() && request.resource.data.userId == request.auth.uid;
    }

    match /clients/{clientId} {
      allow read, update, delete: if isSignedIn() && resource.data.userId == request.auth.uid;
      allow create: if isSignedIn() && request.resource.data.userId == request.auth.uid;
    }

    match /tasks/{taskId} {
      allow read, update, delete: if isSignedIn() && resource.data.userId == request.auth.uid;
      allow create: if isSignedIn() && request.resource.data.userId == request.auth.uid;
    }

    match /invoices/{invoiceId} {
      allow read, update, delete: if isSignedIn() && resource.data.userId == request.auth.uid;
      allow create: if isSignedIn() && request.resource.data.userId == request.auth.uid;
    }

    match /{document=**} {
      allow read, write: if false;
    }
  }
}