@edgedev/firebase 1.8.6 → 1.8.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/edgeFirebase.ts +1 -0
  2. package/package.json +1 -1
  3. package/src/firestore.rules +12 -12
package/edgeFirebase.ts CHANGED
@@ -1633,6 +1633,7 @@ export const EdgeFirebase = class {
1633
1633
  docId?: string,
1634
1634
  ): Promise<actionResponse> => {
1635
1635
  const cloneItem = JSON.parse(JSON.stringify(item));
1636
+ cloneItem.uid = this.user.uid;
1636
1637
  if (docId !== undefined) {
1637
1638
  await setDoc( doc(this.db, collectionPath, docId), cloneItem);
1638
1639
  } else {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@edgedev/firebase",
3
- "version": "1.8.6",
3
+ "version": "1.8.7",
4
4
  "description": "Vue 3 / Nuxt 3 Plugin or Nuxt 3 plugin for firebase authentication and firestore.",
5
5
  "main": "index.ts",
6
6
  "scripts": {
package/src/firestore.rules CHANGED
@@ -241,39 +241,39 @@ service cloud.firestore {
241
241
  match /{seg2} {
242
242
  allow get: if checkPermission(seg1 + "-" + seg2, "read");
243
243
  allow list: if checkPermission(seg1, "read");
244
- allow create: if checkPermission(seg1, "write");
245
- allow update: if checkPermission(seg1 + "-" + seg2, "write");
244
+ allow create: if request.auth.uid == request.resource.data.uid && checkPermission(seg1, "write");
245
+ allow update: if request.auth.uid == request.resource.data.uid && checkPermission(seg1 + "-" + seg2, "write");
246
246
  allow delete: if checkPermission(seg1, "delete");
247
247
  match /{seg3} {
248
248
  allow get: if checkPermission(seg1 + "-" + seg2 + "-" + seg3, "read");
249
249
  allow list: if checkPermission(seg1 + "-" + seg2, "read");
250
- allow create: if checkPermission(seg1 + "-" + seg2, "write");
251
- allow update: if checkPermission(seg1 + "-" + seg2 + "-" + seg3, "write");
250
+ allow create: if request.auth.uid == request.resource.data.uid && checkPermission(seg1 + "-" + seg2, "write");
251
+ allow update: if request.auth.uid == request.resource.data.uid && checkPermission(seg1 + "-" + seg2 + "-" + seg3, "write");
252
252
  allow delete: if checkPermission(seg1 + "-" + seg2, "delete");
253
253
  match /{seg4} {
254
254
  allow get: if checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4, "read");
255
255
  allow list: if checkPermission(seg1 + "-" + seg2 + "-" + seg3, "read");
256
- allow create: if checkPermission(seg1 + "-" + seg2 + "-" + seg3, "write");
257
- allow update: if checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4, "write");
256
+ allow create: if request.auth.uid == request.resource.data.uid && checkPermission(seg1 + "-" + seg2 + "-" + seg3, "write");
257
+ allow update: if request.auth.uid == request.resource.data.uid && checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4, "write");
258
258
  allow delete: if checkPermission(seg1 + "-" + seg2 + "-" + seg3, "delete");
259
259
 
260
260
  match /{seg5} {
261
261
  allow get: if checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4 + "-" + seg5, "read");
262
262
  allow list: if checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4, "read");
263
- allow create: if checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4, "write");
264
- allow update: if checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4 + "-" + seg5, "write");
263
+ allow create: if request.auth.uid == request.resource.data.uid && checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4, "write");
264
+ allow update: if request.auth.uid == request.resource.data.uid && checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4 + "-" + seg5, "write");
265
265
  allow delete: if checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4, "delete");
266
266
  match /{seg6} {
267
267
  allow get: if checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4 + "-" + seg5 + "-" + seg6, "read");
268
268
  allow list: if checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4 + "-" + seg5, "read");
269
- allow create: if checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4 + "-" + seg5, "write");
270
- allow update: if checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4 + "-" + seg5 + "-" + seg6, "write");
269
+ allow create: if request.auth.uid == request.resource.data.uid && checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4 + "-" + seg5, "write");
270
+ allow update: if request.auth.uid == request.resource.data.uid && checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4 + "-" + seg5 + "-" + seg6, "write");
271
271
  allow delete: if checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4 + "-" + seg5, "delete");
272
272
  match /{seg7} {
273
273
  allow get: if checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4 + "-" + seg5 + "-" + seg6 + "-" + seg7, "read");
274
274
  allow list: if checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4 + "-" + seg5 + "-" + seg6, "read");
275
- allow create: if checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4 + "-" + seg5 + "-" + seg6, "write");
276
- allow update: if checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4 + "-" + seg5 + "-" + seg6 + "-" + seg7, "write");
275
+ allow create: if request.auth.uid == request.resource.data.uid && checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4 + "-" + seg5 + "-" + seg6, "write");
276
+ allow update: if request.auth.uid == request.resource.data.uid && checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4 + "-" + seg5 + "-" + seg6 + "-" + seg7, "write");
277
277
  allow delete: if checkPermission(seg1 + "-" + seg2 + "-" + seg3 + "-" + seg4 + "-" + seg5 + "-" + seg6, "delete");
278
278
  }
279
279
  }