backend-manager 2.0.27 → 2.0.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +2 -2
  2. package/templates/database.rules.json +27 -2
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "backend-manager",
3
- "version": "2.0.27",
3
+ "version": "2.0.28",
4
4
  "description": "Quick tools for developing Firebase functions",
5
5
  "main": "src/manager/index.js",
6
6
  "bin": {
@@ -65,4 +65,4 @@
65
65
  "src/",
66
66
  "templates/"
67
67
  ]
68
- }
68
+ }
package/templates/database.rules.json CHANGED
@@ -1,6 +1,31 @@
1
1
  {
2
2
  "rules": {
3
- ".read": true,
4
- ".write": true
3
+ "gatherings": {
4
+ ".read": false,
5
+ ".write": false,
6
+ "online": {
7
+ ".read": "auth.uid != null && query.equalTo == auth.uid",
8
+ ".write": false,
9
+ ".indexOn": ["uid"],
10
+ "$uid": {
11
+ ".read": "
12
+ // Allowed if user is signed in AND is the owner of the doc
13
+ (auth != null && auth.uid == data.child('uid').val())
14
+ ",
15
+ ".write": "
16
+ // Allowed if the user is signed in AND is the owner of the existing doc
17
+ (auth != null && auth.uid == data.child('uid').val())
18
+ // Allowed if the user is signed in AND is the owner of the new doc
19
+ || (auth != null && auth.uid == newData.child('uid').val())
20
+ // Allowed if it's a delete
21
+ || (!newData.exists())
22
+ // Allowed if the existing doc has no owner
23
+ || (data.child('uid').val() == '')
24
+ // Allowed if the new doc has no owner
25
+ || (newData.child('uid').val() == '')
26
+ ",
27
+ }
28
+ }
29
+ }
5
30
  }
6
31
  }