3.2 Database Security Rules

  • In the Firestore Database section, click the Rules tab, then copy and paste the following code:

Firestore Security Rules
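rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // User profiles. The `role` field stored here is what isAdmin() and
    // isEditor() read, so an owner must not be able to give themselves a
    // staff role: owner writes are accepted only when they leave `role`
    // untouched or when the resulting `role` contains neither "admin" nor
    // "editor". Admins can still write any user document.
    // NOTE(review): profiles are readable by anyone, signed in or not.
    // Confirm no private fields are stored in /users, or narrow this rule.
    match /users/{userId} {
      allow read: if true;
      allow create: if (isOwner(userId) && !claimsStaffRole()) || isAdmin();
      allow update: if (isOwner(userId) && (roleUnchanged() || !claimsStaffRole())) || isAdmin();
      allow delete: if isOwner(userId) || isAdmin();
    }

    // Quiz content: public read, writes limited to admins and editors.
    match /questions/{document=**} {
      allow read: if true;
      allow write: if isUserSignedIn() && (isAdmin() || isEditor());
    }

    match /quizes/{document=**} {
      allow read: if true;
      allow write: if isUserSignedIn() && (isAdmin() || isEditor());
    }

    match /categories/{document=**} {
      allow read: if true;
      allow write: if isUserSignedIn() && (isAdmin() || isEditor());
    }

    // Notifications: public read, admin-only write.
    match /notifications/{document=**} {
      allow read: if true;
      allow write: if isUserSignedIn() && isAdmin();
    }

    // NOTE(review): in the three collections below, any signed-in user can
    // create, overwrite or delete ANY document, and anyone can read them.
    // If these documents are per-user, compare the owning uid with
    // request.auth.uid, or move the writes to trusted server-side code.
    // The document schema is not shown here, so the rules are left unchanged.
    match /purchases/{document=**} {
      allow read: if true;
      allow write: if isUserSignedIn();
    }

    match /user_stats/{document=**} {
      allow read: if true;
      allow write: if isUserSignedIn();
    }

    match /purchase_stats/{document=**} {
      allow read: if true;
      allow write: if isUserSignedIn();
    }

    // App settings: public read, admin-only write.
    match /settings/{document=**} {
      allow read: if true;
      allow write: if isUserSignedIn() && isAdmin();
    }

    // The earlier condition `isUserSignedIn() || isAdmin()` already admitted
    // every signed-in user (an admin is always signed in), so it is written
    // here in its effective form. Deletes stay denied.
    // NOTE(review): confirm whether admin-only writes were intended.
    match /item_count/{document=**} {
      allow read: if true;
      allow create, update: if isUserSignedIn();
    }

    // True when the request carries Firebase Authentication credentials.
    function isUserSignedIn() {
      return request.auth != null;
    }

    // True when the signed-in caller is the user the document path names.
    function isOwner(userId) {
      return request.auth != null && request.auth.uid == userId;
    }

    // True when the document being written would carry a staff role.
    // A missing, null or non-collection `role` counts as "no staff role".
    function claimsStaffRole() {
      let role = request.resource.data.get('role', []);
      return (role is list || role is map) && ("admin" in role || "editor" in role);
    }

    // True when an update leaves the stored `role` value as it was.
    function roleUnchanged() {
      return request.resource.data.get('role', null) == resource.data.get('role', null);
    }

    // True when the caller's own /users document lists "admin" in `role`.
    // The null check keeps unauthenticated requests from raising an
    // evaluation error on request.auth.uid; they are denied either way.
    function isAdmin() {
      return request.auth != null
        && "admin" in get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role;
    }

    // True when the caller's own /users document lists "editor" in `role`.
    function isEditor() {
      return request.auth != null
        && "editor" in get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role;
    }

  }
}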
  • Click the Publish button to publish the security rules. That's it.
