firestorage-rules.txt
service firebase.storage {

  // True when the request carries a Firebase Auth identity of any kind.
  function isAuthenticated() {
    return request.auth != null;
  }

  // Admin check against a single hard-coded uid. The author marks this as a
  // temporary measure until the role can be fetched from the user document.
  // NOTE(review): the uid literal below is an empty placeholder. Until a real
  // uid is filled in, this presumably never matches a signed-in user, so the
  // admin read on /bulk_upload is effectively switched off. A uid baked into
  // the rules has to be redeployed on every change; a custom claim read from
  // request.auth.token is the usual replacement. Confirm against the auth setup.
  function isAdmin() {
    return isAuthenticated()
      && (request.auth.uid == '');
  }

  // True when the caller is signed in and owns the {userId} path segment.
  function isUserAuthenticated(userId) {
    return isAuthenticated() && request.auth.uid == userId;
  }

  // True only for the first upload of a file:
  //   request.resource != null  -> the request is not a delete
  //   resource == null          -> no file exists yet, so not an update/overwrite
  function isNewFile() {
    return request.resource != null && resource == null;
  }

  match /b/{bucket}/o {

    // Templates: world-readable. No write rule is present, so writes are denied.
    match /templates {
      match /{allFiles=**} {
        allow read: if true;
      }
    }

    // Question files: world-readable, writable by any signed-in user ("for now").
    // NOTE(review): `write` covers create, update and delete, so every
    // authenticated account can overwrite or remove any question file. Whether
    // anonymous sign-in is enabled is not visible here; if it is, this is close
    // to public write. Consider limiting writes to isAdmin() or an owner check.
    match /questions {
      match /{allFiles=**} {
        allow write: if isAuthenticated();
        allow read: if true;
      }
    }

    // Bulk uploads: a user may add new files under their own folder only.
    // Existing files cannot be overwritten or deleted. Reads are limited to the
    // owning user or the admin.
    // NOTE(review): nothing bounds upload size or type; request.resource.size
    // and request.resource.contentType are available for such a check.
    match /bulk_upload/{userId} {
      match /{allFiles=**} {
        allow write: if isUserAuthenticated(userId) && isNewFile();
        allow read: if isUserAuthenticated(userId) || isAdmin();
      }
    }

    // Profile images: only the owning user may add files; no overwrite, no delete.
    match /profile/{userId} {

      // Avatars are world-readable.
      // NOTE(review): the owner controls the content of a publicly served
      // object and no size or content-type condition is applied.
      match /avatar {
        match /{allFiles=**} {
          allow write: if isUserAuthenticated(userId) && isNewFile();
          allow read: if true;
        }
      }

      // Originals have no read rule, so client reads are denied by default.
      match /original {
        match /{allFiles=**} {
          allow write: if isUserAuthenticated(userId) && isNewFile();
        }
      }
    }

    // Social-share score images: the owner may add new files and anyone may read.
    // NOTE(review): same gap as avatars, with no size or content-type limit on
    // world-readable, user-supplied files.
    match /social_share/{userId} {
      match /score_images {
        match /{allFiles=**} {
          allow write: if isUserAuthenticated(userId) && isNewFile();
          allow read: if true;
        }
      }
    }

    // Feedback: anyone, including unauthenticated callers, may create a file.
    // No read, update or delete rule exists, so this path is write-once and
    // not readable by clients.
    // NOTE(review): unauthenticated create with no size or content-type cap
    // lets any client fill the bucket. A request.resource.size bound, and
    // App Check if the project uses it, would limit that.
    match /feedback {
      match /{allFiles=**} {
        allow create: if true;
      }
    }
  }
}