@edgedev/create-edge-app 1.0.48 → 1.0.50

package/firestore.rules.backup

@@ -1,323 +0,0 @@
-rules_version = '2';
-// #EDGE FIREBASE RULES START
-service cloud.firestore {
-
-  match /databases/{database}/documents/phone-auth/{phone} {
-    allow read: if false;
-    allow create: if false;  
-    allow update: if false; 
-    allow delete: if false; 
-  }
-
-  match /databases/{database}/documents/topic-queue/{topic} {
-    allow read: if false;
-    allow create: if false;  
-    allow update: if false; 
-    allow delete: if false; 
-  }
-
-
-  match /databases/{database}/documents/public-users/{user} {
-    allow read: if request.auth != null;
-    allow list: if request.auth != null;
-    allow create: if false;  
-    allow update: if false; 
-    allow delete: if false; 
-  }
-
-  match /databases/{database}/documents/events/{event} {
-    allow read: if false;
-    allow create: if false;  
-    allow update: if false; 
-    allow delete: if false; 
-  }
-  
-  match /databases/{database}/documents/rule-helpers/{helper} {
-    allow read: if false;
-    allow create: if request.auth.uid == request.resource.data.uid;  
-    allow update: if request.auth.uid == request.resource.data.uid;
-    allow delete: if false; 
-  }
-
-  match /databases/{database}/documents/users/{user} {
-      function readSelf() {
-        return  resource == null ||
-                (
-                  "userId" in resource.data && 
-                  resource.data.userId == request.auth.uid
-                );
-      }
-    
-    allow read: if readSelf();
-    allow create: if false;
-    allow update: if false;
-    allow delete: if false;
-  }
-
-  match /databases/{database}/documents/collection-data/{collectionPath} {
-    // TODO: these rules need tested.
-    function getRolePermission(role, collection, permissionCheck) {
-        let pathCollectionPermissions = get(/databases/$(database)/documents/collection-data/$(collection)).data;
-        let defaultPermissions = get(/databases/$(database)/documents/collection-data/-default-).data;
-        return (role in pathCollectionPermissions && pathCollectionPermissions[role][permissionCheck]) ||
-              (role in defaultPermissions && defaultPermissions[role][permissionCheck]);
-    }
-    function canAssign() {
-      let user = get(/databases/$(database)/documents/users/$(request.auth.uid)).data;
-      let ruleHelper = get(/databases/$(database)/documents/rule-helpers/$(request.auth.uid)).data['edge-assignment-helper'];
-      return collectionPath.matches("^" + ruleHelper[collectionPath].permissionCheckPath + ".*$") &&
-      (
-        "specialPermissions" in user &&
-        ruleHelper[collectionPath].permissionCheckPath in user.specialPermissions &&
-        "assign" in user.specialPermissions[ruleHelper[collectionPath].permissionCheckPath] &&
-         user.specialPermissions[ruleHelper[collectionPath].permissionCheckPath]["assign"]
-      ) ||
-      (
-        "roles" in user && 
-        ruleHelper[collectionPath].permissionCheckPath in user.roles &&
-        "role" in user.roles[ruleHelper[collectionPath].permissionCheckPath] &&
-         getRolePermission(user.roles[ruleHelper[collectionPath].permissionCheckPath].role, collectionPath, "assign")
-      );
-    }
-    allow read: if request.auth != null; // All signed in users can read collection-data
-    allow create: if canAssign();
-    allow update: if canAssign();
-    allow delete: if canAssign();
-  }
-
-  match /databases/{database}/documents/staged-users/{user} {
-
-    function canUpdate() {
-      let user = get(/databases/$(database)/documents/users/$(request.auth.uid)).data;
-      let ruleHelper = get(/databases/$(database)/documents/rule-helpers/$(request.auth.uid)).data;
-      
-      return (
-              request.auth.uid == request.resource.data.uid &&
-              (
-                (
-                  (
-                     request.resource.data.userId == resource.data.userId ||
-                     resource.data.userId == ""
-                   ) &&
-                  (
-                    request.resource.data.userId == request.auth.uid ||
-                    request.resource.data.templateUserId == request.auth.uid
-                  )
-                ) ||
-                (
-                  request.resource.data.userId == resource.data.userId &&
-                  "edge-assignment-helper" in ruleHelper &&
-                  permissionUpdatesCheck(user, ruleHelper, "roles") && 
-                  permissionUpdatesCheck(user, ruleHelper, "specialPermssions")
-                )
-              )
-             );
-             
-    }
-
-
-    function permissionUpdatesCheck(user, ruleHelper, permissionType) {
-      return !(permissionType in request.resource.data) ||
-              (
-                resource.data.userId == request.auth.uid && 
-                request.resource.data[permissionType].keys().hasOnly(resource.data[permissionType].keys())
-              ) ||
-              (
-                resource.data.userId != request.auth.uid &&
-                 permissionCheck(permissionType, user, ruleHelper)
-              );
-    }
-    function permissionCheck(permissionType, user, ruleHelper) {
-        let lastPathUpdated = ruleHelper["edge-assignment-helper"].fullPath;
-        let permissionCheckPath = ruleHelper["edge-assignment-helper"].permissionCheckPath;
-        return request.resource.data[permissionType].diff(resource.data[permissionType]).affectedKeys().size() == 0 || 
-            (
-              request.resource.data[permissionType].diff(resource.data[permissionType]).affectedKeys().size() == 1 && 
-              request.resource.data[permissionType].diff(resource.data[permissionType]).affectedKeys() == [lastPathUpdated].toSet() &&
-              (
-                 permissionCheckPath == "-" || 
-                 lastPathUpdated.matches("^" + permissionCheckPath + ".*$")
-              ) &&
-              (
-                (
-                  "roles" in user &&
-                  getRolePermission(user.roles[permissionCheckPath].role, permissionCheckPath, "assign")
-                ) ||
-                (
-                  "specialPermissions" in user &&
-                  permissionCheckPath in user.specialPermissions &&
-                  "assign" in user.specialPermissions[permissionCheckPath] &&
-                  user.specialPermissions[permissionCheckPath]["assign"]
-                )
-              )
-            );
-    }
-
-    function canAssign(user, ruleHelper) {
-      return request.auth != null &&
-             "edge-assignment-helper" in ruleHelper &&
-             (
-              (
-                "roles" in user &&
-                ruleHelper["edge-assignment-helper"].permissionCheckPath in user.roles &&
-                getRolePermission(user.roles[ruleHelper["edge-assignment-helper"].permissionCheckPath].role, ruleHelper["edge-assignment-helper"].permissionCheckPath, 'assign')
-              ) ||
-              (
-                "specialPermissions" in user &&
-                ruleHelper["edge-assignment-helper"].permissionCheckPath in user.specialPermissions &&
-                "assign" in user.specialPermissions[ruleHelper["edge-assignment-helper"].permissionCheckPath] &&
-                user.specialPermissions[ruleHelper["edge-assignment-helper"].permissionCheckPath]["assign"]
-              )
-             )
-    }
-
-    function canAssignSubCreatePath(user, ruleHelper) {
-      let permissionCheckPath = ruleHelper["edge-assignment-helper"].permissionCheckPath;
-      return  (
-                !("subCreate" in request.resource.data) ||
-                (
-                  "subCreate" in request.resource.data &&
-                  request.resource.data.subCreate.keys().size() == 0 
-                )
-              )||
-              (
-                 permissionCheckPath == "-" || 
-                 request.resource.data.subCreate.rootPath.matches("^" + permissionCheckPath + ".*$")
-              ) &&
-              (
-                (
-                  "roles" in user &&
-                  permissionCheckPath in user.roles &&
-                  getRolePermission(user.roles[permissionCheckPath].role, permissionCheckPath, "assign")
-                ) ||
-                (
-                  "specialPermissions" in user &&
-                  permissionCheckPath in user.specialPermissions &&
-                  "assign" in user.specialPermissions[permissionCheckPath] &&
-                  user.specialPermissions[permissionCheckPath]["assign"]
-                )
-              )
-
-    }
-
-    function canList() {
-      let user = get(/databases/$(database)/documents/users/$(request.auth.uid)).data;
-      let ruleHelper = get(/databases/$(database)/documents/rule-helpers/$(request.auth.uid)).data;
-      return canAssign(user, ruleHelper);
-    }
-
-    function canCreate() {
-      let user = get(/databases/$(database)/documents/users/$(request.auth.uid)).data;
-      let ruleHelper = get(/databases/$(database)/documents/rule-helpers/$(request.auth.uid)).data;
-      return noPermissionData() && canAssign(user, ruleHelper) && canAssignSubCreatePath(user, ruleHelper);
-    }
-
-    function noPermissionData() {
-      return request.resource.data.roles.size() == 0 && request.resource.data.specialPermissions.size() == 0;
-    }
-
-    function getRolePermission(role, collection, permissionCheck) {
-        let pathCollectionPermissions = get(/databases/$(database)/documents/collection-data/$(collection)).data;
-        let defaultPermissions = get(/databases/$(database)/documents/collection-data/-default-).data;
-        return (role in pathCollectionPermissions && pathCollectionPermissions[role][permissionCheck]) ||
-              (role in defaultPermissions && defaultPermissions[role][permissionCheck]);
-      }
-
-     function canGet () {
-       return resource == null || 
-             ("userId" in resource.data && resource.data.userId == "") || 
-             ("userId" in resource.data && resource.data.userId == request.auth.uid) ||
-             canAssign(get(/databases/$(database)/documents/users/$(request.auth.uid)).data, get(/databases/$(database)/documents/rule-helpers/$(request.auth.uid)).data);
-     }
-    allow get: if canGet();
-    allow list: if canList();
-    allow create: if canCreate();
-    allow update: if canUpdate();
-    allow delete: if false // TODO if isTemplate is true... can delete... otherwise users never deleted just removed from collection paths
-  }
-
-  match /databases/{database}/documents/{seg1} {
-      function getRolePermission(role, collection, permissionCheck) {
-        let pathCollectionPermissions = get(/databases/$(database)/documents/collection-data/$(collection)).data;
-        let defaultPermissions = get(/databases/$(database)/documents/collection-data/-default-).data;
-        return (role in pathCollectionPermissions && pathCollectionPermissions[role][permissionCheck]) ||
-              (role in defaultPermissions && defaultPermissions[role][permissionCheck]);
-      }
-      function checkPermission(collectionPath, permissionCheck) {
-          let user = get(/databases/$(database)/documents/users/$(request.auth.uid)).data;
-          let skipPaths = ["collection-data", "users", "staged-users", "events", "rule-helpers", "phone-auth", "public-users", "topic-queue"];
-          let ruleHelper = get(/databases/$(database)/documents/rule-helpers/$(request.auth.uid)).data;
-          return !(collectionPath in skipPaths) &&
-                 !(permissionCheck == "write" && 
-                    (
-                      ("stripeCustomerId" in request.resource.data && (!("stripeCustomerId" in resource.data) || resource.data.stripeCustomerId != request.resource.data.stripeCustomerId)) ||
-                      ("stripeSubscription" in request.resource.data && (!("stripeSubscription" in resource.data) || resource.data.stripeSubscription != request.resource.data.stripeSubscription))
-                    )
-                  ) &&
-                  request.auth != null &&
-                  collectionPath in ruleHelper &&
-                  "permissionCheckPath" in ruleHelper[collectionPath] &&
-                  (
-                    ruleHelper[collectionPath].permissionCheckPath == "-" ||
-                    collectionPath.matches("^" + ruleHelper[collectionPath].permissionCheckPath + ".*$")
-                  ) &&
-                  (
-                    (
-                      "roles" in user &&
-                      ruleHelper[collectionPath].permissionCheckPath in user.roles &&
-                      getRolePermission(user.roles[ruleHelper[collectionPath].permissionCheckPath].role, ruleHelper[collectionPath].permissionCheckPath, permissionCheck)
-                    ) ||
-                    (
-                      "specialPermissions" in user &&
-                      ruleHelper[collectionPath].permissionCheckPath in user.specialPermissions &&
-                      permissionCheck in user.specialPermissions[ruleHelper[collectionPath].permissionCheckPath] &&
-                      user.specialPermissions[ruleHelper[collectionPath].permissionCheckPath][permissionCheck]
-                    )
-                  );
-        }
-      match /{seg2} {
-        allow get: if checkPermission(seg1 + "-" + seg2, "read");
-        allow list: if checkPermission(seg1, "read");
-        allow create: if request.auth.uid == request.resource.data.uid && checkPermission(seg1, "write");
-        allow update: if request.auth.uid == request.resource.data.uid && checkPermission(seg1 + "-" + seg2, "write");
-        allow delete: if checkPermission(seg1, "delete");
-        match /{seg3} {
-          allow get: if checkPermission(seg1 + "-" + seg2 + "-" + seg3, "read");
-          allow list: if checkPermission(seg1 + "-" + seg2, "read");
-          allow create: if request.auth.uid == request.resource.data.uid && checkPermission(seg1 + "-" + seg2, "write");
-          allow update: if request.auth.uid == request.resource.data.uid && checkPermission(seg1 + "-" + seg2 + "-" + seg3, "write");
-          allow delete: if checkPermission(seg1 + "-" + seg2, "delete");
-          match /{seg4} {
-            allow get: if checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4, "read");
-            allow list: if checkPermission(seg1 + "-" + seg2 + "-" + seg3, "read");
-            allow create: if request.auth.uid == request.resource.data.uid && checkPermission(seg1 + "-" + seg2 + "-" + seg3, "write");
-            allow update: if request.auth.uid == request.resource.data.uid && checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4, "write");
-            allow delete: if checkPermission(seg1 + "-" + seg2 + "-" + seg3, "delete");
-
-            match /{seg5} {
-              allow get: if checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4 + "-" + seg5, "read");
-              allow list: if checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4, "read");
-              allow create: if request.auth.uid == request.resource.data.uid && checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4, "write");
-              allow update: if request.auth.uid == request.resource.data.uid && checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4 + "-" + seg5, "write");
-              allow delete: if checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4, "delete");
-              match /{seg6} {
-                allow get: if checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4 + "-" + seg5 + "-" + seg6, "read");
-                allow list: if checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4 + "-" + seg5, "read");
-                allow create: if request.auth.uid == request.resource.data.uid && checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4 + "-" + seg5, "write");
-                allow update: if request.auth.uid == request.resource.data.uid && checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4 + "-" + seg5 + "-" + seg6, "write");
-                allow delete: if checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4 + "-" + seg5, "delete");
-                match /{seg7} {
-                  allow get: if checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4 + "-" + seg5 + "-" + seg6 + "-" + seg7, "read");
-                  allow list: if checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4 + "-" + seg5 + "-" + seg6, "read");
-                  allow create: if request.auth.uid == request.resource.data.uid && checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4 + "-" + seg5 + "-" + seg6, "write");
-                  allow update: if request.auth.uid == request.resource.data.uid && checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4 + "-" + seg5 + "-" + seg6 + "-" + seg7, "write");
-                  allow delete: if checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4 + "-" + seg5 + "-" + seg6, "delete");
-                }
-              }
-            }
-          }
-        }
-      }
-    }
-  }
-// #EDGE FIREBASE RULES END

package/functions/.env.dev

@@ -1,7 +0,0 @@
-STRIPE_API_KEY=
-STRIPE_SECRET=
-STRIPE_RETURN_URL=
-OPENAI_API_KEY=
-TWILIO_SID=
-TWILIO_AUTH_TOKEN=
-TWILIO_SYSTEM_NUMBER=

package/functions/.env.prod

@@ -1,7 +0,0 @@
-STRIPE_API_KEY=
-STRIPE_SECRET=
-STRIPE_RETURN_URL=
-OPENAI_API_KEY=
-TWILIO_SID=
-TWILIO_AUTH_TOKEN=
-TWILIO_SYSTEM_NUMBER=

package/functions/index.js

@@ -1,7 +0,0 @@
-require('dotenv').config({ path: process.env.NODE_ENV === 'production' ? '.env.prod' : '.env.dev' })
-
-exports.stripe = require('./stripe')
-
-// START @edge/firebase functions
-exports.edgeFirebase = require('./edgeFirebase')
-// END @edge/firebase functions

package/functions/package.json

@@ -1,37 +0,0 @@
-{
-  "name": "functions",
-  "private": true,
-  "description": "Cloud Functions for Firebase",
-  "main": "index.js",
-  "engines": {
-    "node": "16"
-  },
-  "scripts": {
-    "serve": "firebase emulators:start --only functions",
-    "shell": "firebase functions:shell",
-    "start": "npm run shell",
-    "deploy": "firebase deploy --only functions",
-    "logs": "firebase functions:log"
-  },
-  "dependencies": {
-    "@aws-sdk/client-s3": "^3.582.0",
-    "@aws-sdk/s3-request-presigner": "^3.582.0",
-    "@google-cloud/pubsub": "^4.9.0",
-    "aws-sdk": "^2.1692.0",
-    "axios": "^1.7.2",
-    "crypto": "^1.0.1",
-    "dotenv": "^16.4.7",
-    "exceljs": "^4.4.0",
-    "firebase-admin": "^13.0.2",
-    "firebase-functions": "^6.2.0",
-    "form-data": "^4.0.1",
-    "formidable-serverless": "^1.1.1",
-    "moment-timezone": "^0.5.46",
-    "openai": "^4.78.1",
-    "stripe": "^13.11.0",
-    "twilio": "^4.23.0"
-  },
-  "devDependencies": {
-    "firebase-functions-test": "^0.2.0"
-  }
-}

package/functions/stripe.js

@@ -1,103 +0,0 @@
-const stripe = require('stripe')(process.env.STRIPE_API_KEY)
-const { onCall, HttpsError, logger, getFirestore, functions, admin, twilio, db, onRequest } = require('./config.js')
-
-exports.redirectToBilling = onCall(async (request) => {
-  const data = request.data
-  const auth = request.auth
-
-  if (data.uid !== auth.uid) {
-    throw new HttpsError('failed-precondition', 'The function must be called by the user who is to be redirected.')
-  }
-
-  const userDoc = await db.collection('staged-users').doc(data.uid).get()
-  if (!userDoc.exists) {
-    throw new HttpsError('not-found', 'No user found for the provided ID.')
-  }
-
-  const collectionPaths = userDoc.data().collectionPaths
-  if (!collectionPaths || collectionPaths.length === 0) {
-    throw new HttpsError('not-found', 'No collection paths found for the user.')
-  }
-
-  const orgDoc = await db.doc(collectionPaths[0].replace('-', '/')).get()
-  if (!orgDoc.exists) {
-    throw new HttpsError('not-found', 'No organization found for the user.')
-  }
-
-  const stripeCustomerId = orgDoc.data().stripeCustomerId
-  if (!stripeCustomerId) {
-    throw new HttpsError('not-found', 'No Stripe customer ID found for the organization.')
-  }
-
-  const session = await stripe.billingPortal.sessions.create({
-    customer: stripeCustomerId,
-    return_url: process.env.STRIPE_RETURN_URL,
-  })
-  return { url: session.url }
-})
-
-exports.webhook = onRequest(async (request, response) => {
-  let event
-
-  try {
-    event = stripe.webhooks.constructEvent(request.rawBody, request.headers['stripe-signature'], process.env.STRIPE_SECRET)
-  }
-  catch (err) {
-    await db.collection('stripe').add({
-      message: err.message,
-      name: err.name,
-      stack: err.stack,
-    })
-    response.status(400).send(`Webhook Error: ${err.message}`)
-    return
-  }
-
-  const session = event.data.object
-  const client_reference_id = session.client_reference_id
-
-  let docRef
-  if (client_reference_id) {
-    // Check if client_reference_id exists
-    docRef = db.collection('organizations').doc(client_reference_id)
-  }
-  else if (session.customer) {
-    // If client_reference_id doesn't exist, check if session.customer exists
-    const orgsSnapshot = await db.collection('organizations').where('stripeCustomerId', '==', session.customer).get()
-    if (!orgsSnapshot.empty) {
-      docRef = orgsSnapshot.docs[0].ref
-    }
-  }
-
-  if (docRef) {
-    const doc = await docRef.get()
-    if (doc.exists) {
-      // Record any event related to the client_reference_id
-      const date = new Date()
-      const formattedDate = `${date.getFullYear()}${(`0${date.getMonth() + 1}`).slice(-2)}${(`0${date.getDate()}`).slice(-2)}${(`0${date.getHours()}`).slice(-2)}${(`0${date.getMinutes()}`).slice(-2)}${(`0${date.getSeconds()}`).slice(-2)}${(`00${date.getMilliseconds()}`).slice(-3)}`
-      const docId = `${event.type}-${formattedDate}`
-      await docRef.collection('stripe').doc(docId).set({ session, event })
-
-      // Handle subscription events
-
-      if (session.customer) {
-        await docRef.update({ stripeCustomerId: session.customer })
-      }
-      if (session?.lines?.data[0]?.plan?.product) {
-        await docRef.update({ stripeProductId: session.lines.data[0].plan.product })
-      }
-      if (session?.lines?.data[0]?.price?.id) {
-        await docRef.update({ stripePriceId: session.lines.data[0].price.id })
-      }
-
-      if (['customer.subscription.created', 'customer.subscription.updated', 'customer.subscription.deleted'].includes(event.type)) {
-        await docRef.update({ stripeSubscription: session.status })
-      }
-      response.json({ received: true })
-      return
-    }
-  }
-
-  // If no matching organization, store to a root collection called 'stripe'
-  await db.collection('stripe').add(session)
-  response.json({ received: true })
-})

package/storage.rules

@@ -1,61 +0,0 @@
-rules_version = '2';
-service firebase.storage {
-  match /b/{bucket}/o {
-    match /{allPaths=**} {
-      allow read, write: if false;
-    }
-  }
-}
-// #EDGE FIREBASE RULES START
-service firebase.storage {
-  match /b/{bucket}/o {
-    // Match the file path structure you're using, simulating the Firestore document path structure for permissions.
-    function getRolePermission(role, permissionCheck) {
-      let permissions = {
-        'admin': {'assign': true, 'delete': true, 'read': true, 'write': true},
-        'editor': {'assign': false, 'delete': true, 'read': true, 'write': true},
-        'user': {'assign': false, 'delete': false, 'read': true, 'write': false},
-        'writer': {'assign': false, 'delete': false, 'read': true, 'write': true}
-      };
-      return permissions[role][permissionCheck];
-    }
-    function checkPermission(permissionCheck, collectionPath) {
-      let user = firestore.get(/databases/(default)/documents/users/$(request.auth.uid)).data;
-      let ruleHelper = firestore.get(/databases/(default)/documents/rule-helpers/$(request.auth.uid)).data;
-      return  request.auth != null &&
-              collectionPath in ruleHelper &&
-              "permissionCheckPath" in ruleHelper[collectionPath] &&
-              (
-                ruleHelper[collectionPath].permissionCheckPath == "-" ||
-                collectionPath.matches("^" + ruleHelper[collectionPath].permissionCheckPath + ".*$")
-              ) &&
-              (
-                (
-                  "roles" in user &&
-                  ruleHelper[collectionPath].permissionCheckPath in user.roles &&
-                  getRolePermission(user.roles[ruleHelper[collectionPath].permissionCheckPath].role, permissionCheck)
-                ) ||
-                (
-                  "specialPermissions" in user &&
-                  ruleHelper[collectionPath].permissionCheckPath in user.specialPermissions &&
-                  permissionCheck in user.specialPermissions[ruleHelper[collectionPath].permissionCheckPath] &&
-                  user.specialPermissions[ruleHelper[collectionPath].permissionCheckPath][permissionCheck]
-                )
-              );
-    }
-    match /public/{fileId} {
-      // Public directory with special rules
-      allow read: if true; // Unrestricted read access
-      allow write, delete: if request.auth != null; // Write and delete require authentication
-    }
-    match /{dir}/{fileId} {
-      // General read permission check based on Firestore data
-      allow read: if checkPermission("read", dir);
-      // General write permission check, including creating and updating files
-      allow write: if checkPermission("write", dir);
-      // General delete permission check
-      allow delete: if checkPermission("write", dir);
-    }
-  }
-}
-// #EDGE FIREBASE RULES END