Firestoreセキュリティルールを更新し、ユーザーごとのアクセス制御を追加

jphacks · Nov 22, 2024 · 985ee1e · 985ee1e
1 parent 203d499
commit 985ee1e
Showing 1 changed file with 20 additions and 2 deletions.
diff --git a/firebase/firestore.rules b/firebase/firestore.rules
@@ -12,8 +12,26 @@ service cloud.firestore {
     // Make sure to write security rules for your app before that time, or else
     // all client requests to your Firestore database will be denied until you Update
     // your rules
-    match /{document=**} {
-      allow read, write: if request.time < timestamp.date(2024, 11, 25);
+    match /users/{userId} {
+    	allow read, write: if request.auth != null
+      	&& userId == request.auth.uid;
+
+      match /events/{eventId} {
+    		allow read, write: if request.auth != null
+      		&& userId == request.auth.uid;
+    	}
+
+      match /want-todos/{todoId} {
+    		allow read, write: if request.auth != null
+      		&& userId == request.auth.uid;
+    	}
+    }
+
+    match /notifications/{notificationId} {
+    	allow read: if request.auth != null
+      		&& resource.data.userId == request.auth.uid;
+    	allow write: if request.auth != null
+      		&& request.resource.data.userId == request.auth.uid;
     }
   }
 }