@edgedev/firebase 2.0.36 → 2.1.37

package/edgeFirebase.ts

@@ -349,64 +349,6 @@ export const EdgeFirebase = class {
     this.unsubscribe.userMeta = metaUnsubscribe;
   };
 
-  private startCollectionPermissionsSync = async (): Promise<void> => {
-    // TODO: In future get roles from user and only sync those collections 
-    // Perhaps by getting all "first segments" and get all that start with that
-    const q = this.getQuery('collection-data');
-    const docs = await getDocs(q);
-    let items = {}
-    docs.forEach((doc) => {
-      const item = doc.data();
-      item.docId = doc.id;
-      items[doc.id] = item;
-    });
-    this.state.collectionPermissions = items;
-    if (!this.state.collectionPermissions['-default-']) {
-      const collectionItem = {
-        collectionPath:  '-default-',
-        docId: '-default-',
-        admin: {
-          assign: true,
-          read: true,
-          write: true,
-          delete: true
-        },
-        editor: {
-          assign: false,
-          read: true,
-          write: true,
-          delete: true
-        },
-        writer: {
-          assign: false,
-          read: true,
-          write: true,
-          delete: false
-        },
-        user: {
-          assign: false,
-          read: true,
-          write: false,
-          delete: false
-        }
-      };
-      await setDoc(
-        doc(this.db, "collection-data", "-default-"),
-        collectionItem
-      );
-    }
-    this.stopSnapshot('collection-data');
-    const unsubscribe = onSnapshot(q, (querySnapshot) => {
-      items = {};
-      querySnapshot.forEach((doc) => {
-        const item = doc.data();
-        item.docId = doc.id;
-        items[doc.id] = item;
-      });
-      this.state.collectionPermissions = items;
-    });
-    this.unsubscribe['collection-data'] = unsubscribe
-  }
 
   private ruleHelperReset = async (): Promise<void> => {
     const initRoleHelper = { uid: this.user.uid, 'edge-assignment-helper': {permissionType: "roles"} }
@@ -417,7 +359,6 @@ export const EdgeFirebase = class {
   private startUserMetaSync = async (docSnap): Promise<void> => {
     // Took this out because if another client is logged in, it breaks the other client
     // await this.ruleHelperReset();
-    await this.startCollectionPermissionsSync()
     await this.initUserMetaPermissions(docSnap);
     this.user.loggedIn = true;
     this.user.loggingIn = false;
@@ -1060,6 +1001,8 @@ export const EdgeFirebase = class {
     this.state.ruleHelpers[ruleKey] = ruleCheck;
   }
 
+
+
   public permissionCheckOnly = (action: action, collectionPath: string): boolean => {
     const collection = collectionPath.replaceAll("-", "/").split("/");
     let index = collection.length;
@@ -1079,10 +1022,12 @@ export const EdgeFirebase = class {
         );
 
         if (role) {
-          permissionData = this.getCollectionPermissions(
-            permissionCheck,
-            role.role
-          );
+          permissionData = this.state.permissions[role.role] || {
+            read: false,
+            write: false,
+            delete: false,
+            assign: false
+          };
         }
         const specialPermission = this.user.specialPermissions.find(
           (r) => r.collectionPath === permissionCheck
@@ -1096,10 +1041,12 @@ export const EdgeFirebase = class {
     if (!permissionData[action]) {
       const rootRole = this.user.roles.find((r) => r.collectionPath === "-");
       if (rootRole) {
-        permissionData = this.getCollectionPermissions(
-          "-",
-          rootRole.role
-        );
+        permissionData = this.state.permissions[rootRole.role] || {
+          read: false,
+          write: false,
+          delete: false,
+          assign: false
+        };
       }
       const rootSpecialPermission = this.user.specialPermissions.find(
         (r) => r.collectionPath === "-"
@@ -1122,32 +1069,6 @@ export const EdgeFirebase = class {
     return check;
   };
 
-  private getCollectionPermissions = (
-    collectionPath: string,
-    role: string
-  ): permissions => {
-    if (Object.prototype.hasOwnProperty.call(this.state.collectionPermissions, collectionPath)) {
-      if (Object.prototype.hasOwnProperty.call(this.state.collectionPermissions[collectionPath], role)) {
-        const permissionData = this.state.collectionPermissions[collectionPath][role];
-        return {
-          read: permissionData.read,
-          write: permissionData.write,
-          delete: permissionData.delete,
-          assign: permissionData.assign
-        };
-      }
-    }
-    if (Object.prototype.hasOwnProperty.call(this.state.collectionPermissions, '-default-')) {
-      return this.state.collectionPermissions['-default-'][role];
-    }
-    return {
-      read: false,
-      write: false,
-      delete: false,
-      assign: false
-    };
-  };
-
   private generateUserMeta = async (userMeta: newUser): Promise<actionResponse> => {
     const roles: role[] = userMeta.roles || [];
     const specialPermissions: specialPermission[] = userMeta.specialPermissions || [];
@@ -1277,7 +1198,12 @@ export const EdgeFirebase = class {
   });
 
   public state = reactive({
-    collectionPermissions: {},
+   permissions: {
+      'admin': {'assign': true, 'delete': true, 'read': true, 'write': true},
+      'editor': {'assign': false, 'delete': true, 'read': true, 'write': true},
+      'user': {'assign': false, 'delete': false, 'read': true, 'write': false},
+      'writer': {'assign': false, 'delete': false, 'read': true, 'write': true}
+    },
     users: {},
     registrationCode: "",
     registrationMeta: {},
@@ -2127,7 +2053,7 @@ export const EdgeFirebase = class {
 
 
   // File functions
-  public uploadFile = async (filePath: string, file: Blob): Promise<actionResponse> => {
+  public uploadFile = async (filePath: string, file: Blob, isPublic: boolean): Promise<actionResponse> => {
 
       // Validate if file is provided
       if (!file) {
@@ -2139,7 +2065,11 @@ export const EdgeFirebase = class {
       }
 
       // Check if the user has write permission to the filePath
-      const hasWritePermission = await this.permissionCheck("write", filePath);
+      let hasWritePermission = await this.permissionCheck("write", filePath);
+      if (isPublic) {
+        hasWritePermission = true;
+        filePath = "public";
+      }
       if (!hasWritePermission) {
         return this.sendResponse({
           success: false,
@@ -2149,13 +2079,21 @@ export const EdgeFirebase = class {
       }
 
       try {
-        const tempFilePath = `${filePath.replaceAll('/', '-')}` + '/' + file.name;
+        let randomId = ''
+        if (isPublic) {
+          randomId = Math.random().toString(36).substring(2, 6) + '-'
+        }
+        const tempFilePath = `${filePath.replaceAll('/', '-')}` + '/' + randomId + file.name;
         const fileRef = ref(this.storage, tempFilePath);
+        if (isPublic) {
+          await uploadBytes(fileRef, file, { contentType: file.type, cacheControl: 'public, max-age=31536000' });
+        } else {
         await uploadBytes(fileRef, file);
+        }
         return this.sendResponse({
           success: true,
           message: "File uploaded successfully.",
-          meta: {}
+          meta: {file: tempFilePath}
         });
       } catch (error) {
         return this.sendResponse({

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@edgedev/firebase",
-  "version": "2.0.36",
+  "version": "2.1.37",
   "description": "Vue 3 / Nuxt 3 Plugin or Nuxt 3 plugin for firebase authentication and firestore.",
   "main": "index.ts",
   "scripts": {

package/src/config.js

@@ -26,6 +26,41 @@ const { getFirestore } = require('firebase-admin/firestore')
 const twilio = require('twilio')
 const db = getFirestore()
 
+// The permissionCheck function
+
+const permissions = {
+  'admin': {'assign': true, 'delete': true, 'read': true, 'write': true},
+  'editor': {'assign': false, 'delete': true, 'read': true, 'write': true},
+  'user': {'assign': false, 'delete': false, 'read': true, 'write': false},
+  'writer': {'assign': false, 'delete': false, 'read': true, 'write': true}
+};
+
+const permissionCheck = async (userId, action, originalFilePath) => {
+  // Fetch user document
+  const collectionPath = originalFilePath.replace(/\//g, '-')
+  const userDoc = await db.collection('users').doc(userId).get()
+  if (!userDoc.exists) {
+    console.log('No such user!')
+    return false // Or handle as needed
+  }
+  const userData = userDoc.data()
+
+  // Fetch roles from user data
+  const roles = Object.values(userData.roles || {})
+
+  for (const role of roles) {
+    // Check if the role's collectionPath is a prefix of the collectionPath
+    if (collectionPath.startsWith(role.collectionPath)) {
+      // Use permissions object instead of fetching collection data
+      const rolePermissions = permissions[role.role];
+      if (rolePermissions && rolePermissions[action]) {
+        return true;
+      }
+    }
+  }
+  return false;
+}
+
 module.exports = {
   pubsub,
   onMessagePublished,
@@ -46,5 +81,7 @@ module.exports = {
   twilio,
   db,
   Storage,
+  permissionCheck,
 }
 
+

package/src/edgeFirebase.js

@@ -1,6 +1,6 @@
 /* eslint-disable @typescript-eslint/no-var-requires */
 /* eslint-disable no-undef */
-const { onCall, HttpsError, logger, getFirestore, functions, admin, twilio, db, onSchedule, onDocumentUpdated, pubsub, Storage } = require('./config.js')
+const { onCall, HttpsError, logger, getFirestore, functions, admin, twilio, db, onSchedule, onDocumentUpdated, pubsub, Storage, permissionCheck } = require('./config.js')
 
 const authToken = process.env.TWILIO_AUTH_TOKEN
 const accountSid = process.env.TWILIO_SID
@@ -13,32 +13,6 @@ function formatPhoneNumber(phone) {
   return `+1${numericPhone}`
 }
 
-const permissionCheck = async (userId, action, originalFilePath) => {
-  // Fetch user document
-  const collectionPath = originalFilePath.replace(/\//g, '-')
-  const userDoc = await db.collection('users').doc(userId).get()
-  const userData = userDoc.data()
-
-  // Fetch roles from user data
-  const roles = Object.values(userData.roles || {})
-
-  for (const role of roles) {
-    // Check if the role's collectionPath is a prefix of the collectionPath
-    if (collectionPath.startsWith(role.collectionPath)) {
-      // Fetch collection data
-      const collectionDoc = await db.collection('collection-data').doc(role.collectionPath).get()
-      const collectionData = collectionDoc.exists ? collectionDoc.data() : await db.collection('collection-data').doc('-default-').get().then(doc => doc.data())
-
-      // Check if action is permitted
-      if (collectionData && collectionData[role.role] && collectionData[role.role][action]) {
-        return true
-      }
-    }
-  }
-  // If no permission found, return false
-  return false
-}
-
 exports.topicQueue = onSchedule({ schedule: 'every 1 minutes', timeoutSeconds: 180 }, async (event) => {
   const queuedTopicsRef = db.collection('topic-queue')
   const snapshot = await queuedTopicsRef.get()
@@ -156,18 +130,8 @@ exports.verifyPhoneNumber = onCall(async (request) => {
 })
 
 exports.initFirestore = onCall(async (request) => {
-  // checks to see of the collections 'collection-data' and 'staged-users' exist if not will seed them with data
-  const collectionData = await db.collection('collection-data').get()
+  // checks to see of the collections 'staged-users' exist if not will seed them with data
   const stagedUsers = await db.collection('staged-users').get()
-  if (collectionData.empty) {
-    // create a document with the id of '-' and one called '-default-':
-    const admin = { assign: true, delete: true, read: true, write: true }
-    const editor = { assign: false, delete: true, read: true, write: true }
-    const writer = { assign: false, delete: false, read: true, write: true }
-    const user = { assign: false, delete: false, read: true, write: false }
-    await db.collection('collection-data').doc('-').set({ admin, editor, writer, user })
-    await db.collection('collection-data').doc('-default-').set({ admin, editor, writer, user })
-  }
   if (stagedUsers.empty) {
     const templateUser = {
       docId: 'organization-registration-template',

package/src/firestore.rules

@@ -56,11 +56,14 @@ service cloud.firestore {
 
   match /databases/{database}/documents/collection-data/{collectionPath} {
     // TODO: these rules need tested.
-    function getRolePermission(role, collection, permissionCheck) {
-        let pathCollectionPermissions = get(/databases/$(database)/documents/collection-data/$(collection)).data;
-        let defaultPermissions = get(/databases/$(database)/documents/collection-data/-default-).data;
-        return (role in pathCollectionPermissions && pathCollectionPermissions[role][permissionCheck]) ||
-              (role in defaultPermissions && defaultPermissions[role][permissionCheck]);
+    function getRolePermission(role, permissionCheck) {
+        let permissions = {
+          'admin': {'assign': true, 'delete': true, 'read': true, 'write': true},
+          'editor': {'assign': false, 'delete': true, 'read': true, 'write': true},
+          'user': {'assign': false, 'delete': false, 'read': true, 'write': false},
+          'writer': {'assign': false, 'delete': false, 'read': true, 'write': true}
+        };
+        return permissions[role][permissionCheck];
     }
     function canAssign() {
       let user = get(/databases/$(database)/documents/users/$(request.auth.uid)).data;
@@ -76,7 +79,7 @@ service cloud.firestore {
         "roles" in user && 
         ruleHelper[collectionPath].permissionCheckPath in user.roles &&
         "role" in user.roles[ruleHelper[collectionPath].permissionCheckPath] &&
-         getRolePermission(user.roles[ruleHelper[collectionPath].permissionCheckPath].role, collectionPath, "assign")
+         getRolePermission(user.roles[ruleHelper[collectionPath].permissionCheckPath].role, "assign")
       );
     }
     allow read: if request.auth != null; // All signed in users can read collection-data
@@ -141,7 +144,7 @@ service cloud.firestore {
               (
                 (
                   "roles" in user &&
-                  getRolePermission(user.roles[permissionCheckPath].role, permissionCheckPath, "assign")
+                  getRolePermission(user.roles[permissionCheckPath].role, "assign")
                 ) ||
                 (
                   "specialPermissions" in user &&
@@ -160,7 +163,7 @@ service cloud.firestore {
               (
                 "roles" in user &&
                 ruleHelper["edge-assignment-helper"].permissionCheckPath in user.roles &&
-                getRolePermission(user.roles[ruleHelper["edge-assignment-helper"].permissionCheckPath].role, ruleHelper["edge-assignment-helper"].permissionCheckPath, 'assign')
+                getRolePermission(user.roles[ruleHelper["edge-assignment-helper"].permissionCheckPath].role, 'assign')
               ) ||
               (
                 "specialPermissions" in user &&
@@ -188,7 +191,7 @@ service cloud.firestore {
                 (
                   "roles" in user &&
                   permissionCheckPath in user.roles &&
-                  getRolePermission(user.roles[permissionCheckPath].role, permissionCheckPath, "assign")
+                  getRolePermission(user.roles[permissionCheckPath].role, "assign")
                 ) ||
                 (
                   "specialPermissions" in user &&
@@ -216,12 +219,15 @@ service cloud.firestore {
       return request.resource.data.roles.size() == 0 && request.resource.data.specialPermissions.size() == 0;
     }
 
-    function getRolePermission(role, collection, permissionCheck) {
-        let pathCollectionPermissions = get(/databases/$(database)/documents/collection-data/$(collection)).data;
-        let defaultPermissions = get(/databases/$(database)/documents/collection-data/-default-).data;
-        return (role in pathCollectionPermissions && pathCollectionPermissions[role][permissionCheck]) ||
-              (role in defaultPermissions && defaultPermissions[role][permissionCheck]);
-      }
+    function getRolePermission(role, permissionCheck) {
+        let permissions = {
+          'admin': {'assign': true, 'delete': true, 'read': true, 'write': true},
+          'editor': {'assign': false, 'delete': true, 'read': true, 'write': true},
+          'user': {'assign': false, 'delete': false, 'read': true, 'write': false},
+          'writer': {'assign': false, 'delete': false, 'read': true, 'write': true}
+        };
+        return permissions[role][permissionCheck];
+     }
 
      function canGet () {
        return resource == null || 
@@ -237,11 +243,14 @@ service cloud.firestore {
   }
 
   match /databases/{database}/documents/{seg1} {
-      function getRolePermission(role, collection, permissionCheck) {
-        let pathCollectionPermissions = get(/databases/$(database)/documents/collection-data/$(collection)).data;
-        let defaultPermissions = get(/databases/$(database)/documents/collection-data/-default-).data;
-        return (role in pathCollectionPermissions && pathCollectionPermissions[role][permissionCheck]) ||
-              (role in defaultPermissions && defaultPermissions[role][permissionCheck]);
+      function getRolePermission(role, permissionCheck) {
+        let permissions = {
+          'admin': {'assign': true, 'delete': true, 'read': true, 'write': true},
+          'editor': {'assign': false, 'delete': true, 'read': true, 'write': true},
+          'user': {'assign': false, 'delete': false, 'read': true, 'write': false},
+          'writer': {'assign': false, 'delete': false, 'read': true, 'write': true}
+        };
+        return permissions[role][permissionCheck];
       }
       function checkPermission(collectionPath, permissionCheck) {
           let user = get(/databases/$(database)/documents/users/$(request.auth.uid)).data;
@@ -267,7 +276,7 @@ service cloud.firestore {
                     (
                       "roles" in user &&
                       ruleHelper[collectionPath].permissionCheckPath in user.roles &&
-                      getRolePermission(user.roles[ruleHelper[collectionPath].permissionCheckPath].role, ruleHelper[collectionPath].permissionCheckPath, permissionCheck)
+                      getRolePermission(user.roles[ruleHelper[collectionPath].permissionCheckPath].role, permissionCheck)
                     ) ||
                     (
                       "specialPermissions" in user &&

package/src/storage.rules

@@ -36,6 +36,11 @@ service firebase.storage {
                 )
               );
     }
+    match /public/{fileId} {
+      // Public directory with special rules
+      allow read: if true; // Unrestricted read access
+      allow write, delete: if request.auth != null; // Write and delete require authentication
+    }
     match /{dir}/{fileId} {
       // General read permission check based on Firestore data
       allow read: if checkPermission("read", dir);