Firestore의
「규칙」 탭에 아래 내용을 그대로 붙여넣고
게시를 누릅니다.
(본인 계정의 데이터만 읽고 쓸 수 있게 하는 보안 규칙입니다)
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /users/{uid} {
allow read, write: if request.auth != null
&& request.auth.uid == uid;
}
match /teams/{teamId} {
allow read: if request.auth != null
&& request.auth.uid in resource.data.members;
allow create: if request.auth != null
&& request.resource.data.ownerUid == request.auth.uid
&& request.resource.data.members[request.auth.uid] is string;
allow update: if request.auth != null && (
request.auth.uid == resource.data.ownerUid
|| (('roles' in resource.data)
&& resource.data.roles[request.auth.uid] == 'admin')
|| (request.resource.data.diff(resource.data)
.affectedKeys().hasOnly(['members'])
&& request.resource.data.members.diff(resource.data.members)
.affectedKeys().hasOnly([request.auth.uid]))
);
match /data/{doc} {
allow read, write: if request.auth != null
&& request.auth.uid in
get(/databases/$(database)/documents/teams/$(teamId)).data.members;
}
}
match /ledgers/{uid} {
allow read, write: if request.auth != null
&& request.auth.uid == uid;
match /{document=**} {
allow read, write: if request.auth != null
&& request.auth.uid == uid;
}
}
}
}