Firestore

This document outlines Firestore security rules for a database, specifying access permissions based on user roles. Authenticated users can read every listed collection except pending users, which only the 'admin' and 'unit head' roles can read; write access is restricted to those with 'admin' or 'unit head' roles. The rules apply to various collections including units, personnels, user accounts, pending users, and cases.

Uploaded by

jomarroxas10

rules_version = '2';

service cloud.firestore {
  match /databases/{database}/documents {
    // Helper function to check if user is an admin or unit head
    function isAdminOrUnitHead() {
      return request.auth != null && (
        request.auth.token.role == 'admin' ||
        request.auth.token.role == 'unit head'
      );
    }

    // Rules for units and Personnels (as provided)
    match /units/{unitId} {
      allow read: if request.auth != null;
      allow write: if isAdminOrUnitHead();
      match /Personnels/{personnelId} {
        allow read: if request.auth != null;
        allow write: if isAdminOrUnitHead();
      }
    }

    // Rules for users_napolcomAccount
    match /users_napolcomAccount/{userId} {
      allow read: if request.auth != null;
      allow write: if isAdminOrUnitHead();
    }

    // Rules for pending_users (temporary storage for unverified users)
    match /pending_users/{pendingUserId} {
      allow read: if isAdminOrUnitHead();
      allow write: if isAdminOrUnitHead();
    }

    // Rules for other collections (admin_cases, criminal_cases, drop-down)
    match /admin_cases/{document=**} {
      allow read: if request.auth != null;
      allow write: if isAdminOrUnitHead();
    }

    match /criminal_cases/{document=**} {
      allow read: if request.auth != null;
      allow write: if isAdminOrUnitHead();
    }

    match /drop-down/{document=**} {
      allow read: if request.auth != null;
      allow write: if isAdminOrUnitHead();
    }
  }
}
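
An added example, not part of the uploaded rules file: a small JavaScript model of these match blocks for reviewing which identity can reach which document path. It approximates the rules and is not the Firestore rules engine; the two identities, the document ids and the Vehicles subcollection are constructed for illustration.

```javascript
// Added review model of the match blocks above; not Firestore's own evaluator.
const isAuthed = (auth) => auth != null;
const isAdminOrUnitHead = (auth) =>
  auth != null && (auth.token.role === 'admin' || auth.token.role === 'unit head');

// [pattern, read condition, write condition], copied from the rules file.
const RULES = [
  ['units/{unitId}',                          isAuthed,          isAdminOrUnitHead],
  ['units/{unitId}/Personnels/{personnelId}', isAuthed,          isAdminOrUnitHead],
  ['users_napolcomAccount/{userId}',          isAuthed,          isAdminOrUnitHead],
  ['pending_users/{pendingUserId}',           isAdminOrUnitHead, isAdminOrUnitHead],
  ['admin_cases/{document=**}',               isAuthed,          isAdminOrUnitHead],
  ['criminal_cases/{document=**}',            isAuthed,          isAdminOrUnitHead],
  ['drop-down/{document=**}',                 isAuthed,          isAdminOrUnitHead],
];

// {x} matches exactly one segment; {x=**} matches the rest of the path
// (zero or more segments under rules_version = '2').
function matches(pattern, path) {
  const pat = pattern.split('/');
  const seg = path.split('/');
  for (let i = 0; i < pat.length; i++) {
    if (/^\{\w+=\*\*\}$/.test(pat[i])) return seg.length >= i;
    if (/^\{\w+\}$/.test(pat[i])) {
      if (i >= seg.length) return false;
      continue;
    }
    if (pat[i] !== seg[i]) return false;
  }
  return pat.length === seg.length;
}

// A request is allowed if any matching allow is true; no matching block means deny.
function allowed(op, path, auth) {
  return RULES.some(([pattern, read, write]) =>
    matches(pattern, path) && (op === 'read' ? read : write)(auth));
}

// Constructed identities: token holds the custom claims seen as request.auth.token.
const noRole = { uid: 'u1', token: {} };                   // signed in, no role claim
const unitHead = { uid: 'u2', token: { role: 'unit head' } };

// Access report over constructed document paths.
function report() {
  return ['criminal_cases/c1/evidence/e1', 'users_napolcomAccount/u2',
          'pending_users/p1', 'units/a/Vehicles/v'].map((p) =>
    `${p}: noRole read=${allowed('read', p, noRole)} unitHead write=${allowed('write', p, unitHead)}`);
}
console.log(report().join('\n'));
```

The report shows that a signed-in account with no role claim can still read case documents and user accounts, and that a subcollection under units other than Personnels has no matching block and is denied to everyone.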
