-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathstorage.rules
73 lines (57 loc) · 1.6 KB
/
storage.rules
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
// MARK: - Disabling access for all refs
match /{allPaths=**} {
allow read, write: if false;
}
// MARK: - Authentication
function isSignedIn() {
return ((request.auth != null)
&& (request.auth.uid != null));
}
// MARK: - Model Helpers
function getUserPath() {
return (/databases/(default)/documents/users/$(request.auth.uid));
}
function userExists() {
return (isSignedIn()
&& (request.auth.token != null)
&& firestore.exists(getUserPath()));
}
function getUserData() {
return firestore.get(getUserPath()).data;
}
function getAdminPath() {
return (/databases/(default)/documents/admins/$(request.auth.uid));
}
function isAdmin() {
return (isSignedIn()
&& (request.auth.token != null)
&& firestore.exists(getAdminPath()));
}
function getAdminData() {
return firestore.get(getAdminPath()).data;
}
// MARK: - Public Access
match /public/{allPaths=**} {
allow read: if true;
}
// MARK: - User Access
match /users/{userId}/{allPaths=**} {
allow read: if (isSignedIn()
&& (request.auth.uid == userId));
// allow write: if (
// isSignedIn()
// && (request.auth.uid == userId)
// && (request.resource.size < 5 * 1024 * 1024)
// && request.resource.contentType.matches('image/.*')
// )
}
// MARK: - Admin Access
match /{allPaths=**} {
allow read, write: if (isSignedIn()
&& isAdmin());
}
}
}