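rules_version = '2';

// Access control for the sagra back office.
// Firestore denies every request that no `allow` grants, so the
// `allow ...: if false` lines below only document intent; a false `allow`
// never subtracts from a sibling `allow` that evaluates to true.
// Every grant is keyed on the `roles` custom claim of the caller's ID token
// (see hasRole), not on the userSagraRoles documents, so an edit to a role
// document only takes effect once that claim is refreshed by something
// outside these rules — TODO confirm that sync exists.
service cloud.firestore {
  match /databases/{database}/documents {
    allow read: if false;
    allow write: if false;

    // One document per user holding that user's role assignment.
    match /userSagraRoles/{userSagraRolesId} {
      allow get: if hasRole('manager-ruoli');
      allow list: if false;
      allow create: if false;
      // The stored document must contain exactly `roles` and `email`, the
      // update may not add the 'manager-ruoli' role, and every role must be
      // a known name. NOTE(review): `email` is freely rewritable here, and
      // 'manager-ruoli' can still be removed from another manager — confirm
      // both are intended.
      allow update: if hasRole('manager-ruoli')
        && checkFieldsExistence(['roles', 'email'], [])
        && !isBecomingSuperAdmin()
        && isValidRole(request.resource.data.roles);
      allow delete: if false;
    }

    match /sagre/{sagraId} {
      allow read: if false;
      allow write: if false;

      match /storage/{storageid} {
        allow get: if hasRole('admin') || hasRole('cassa') || hasRole('cassa-istantanea');
        allow list: if false;
        allow create: if false;
        // NOTE(review): only the key set is checked; the type and content of
        // `storageCourses` are not validated.
        allow update: if hasRole('admin') && checkFieldsExistence(['storageCourses'], []);
        allow delete: if false;
      }

      // A service document is created by an admin with every counter zeroed
      // (checkServiceStartFields); afterwards only `end` can change.
      match /services/{serviceId} {
        allow get: if hasRole('admin');
        allow list: if hasRole('admin') || hasRole('cassa') || hasRole('cassa-istantanea') || hasRole('sala');
        allow create: if hasRole('admin')
          && checkFieldsExistence(['end', 'lastOrderNum', 'startingCourses', 'start', 'totalInstantOrders', 'totalInstantRevenue', 'totalOrders', 'totalPeople', 'totalRevenue'], [])
          && checkServiceStartFields();
        // `end` is the only key that may change, and it must change.
        // NOTE(review): the new value of `end` is not type-checked
        // (e.g. `is timestamp`).
        allow update: if hasRole('admin') && editOnlyCertainFields(['end']);
        allow delete: if false;

        // Client-side create/delete of orders is denied; presumably only
        // rules-bypassing server code (Admin SDK) creates them.
        match /orders/{orderId} {
          allow get: if false;
          allow list: if hasRole('sala') || hasRole('cassa') || hasRole('smazzo');
          allow create: if false;
          allow update: if orderCanBeUpdatedByWaiter();
          allow delete: if false;
        }

        match /courses/{courseId} {
          allow get: if false;
          allow list: if hasRole('sala') || hasRole('cassa') || hasRole('smazzo');
          // Redundant: the create/update/delete rules below are the effective
          // write rules; a false `allow write` does not restrict them.
          allow write: if false;
          allow create: if false;
          allow update: if courseCanBeUpdatedByWaiter() || courseCanBeUpdatedByKitchen() || courseCanBeUpdatedByCashRegisterAndHub();
          allow delete: if false;
        }

        match /instantOrders/{instantOrderId} {
          allow get: if false;
          allow list: if false;
          // NOTE(review): `courses` and `revenue` must be present but their
          // types and values are not validated.
          allow create: if hasRole('cassa-istantanea') && checkFieldsExistence(['courses', 'revenue'], []);
          allow update: if false;
          allow delete: if false;
        }
      }

      allow read: if false;
      allow write: if false;
    }
  }
}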
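// True when the caller's ID token carries a `roles` custom claim that
// contains reqRole. Unauthenticated requests are rejected explicitly rather
// than through the evaluation error that dereferencing a null `request.auth`
// raises; the request is denied either way, the guard only makes the intent
// readable. A missing `roles` claim still errors and therefore denies.
function hasRole(reqRole) {
  return request.auth != null && reqRole in request.auth.token.roles;
}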
// True when the document as it will be stored contains every key in
// requiredFields and no key outside requiredFields plus optionalFields.
// This inspects the whole incoming document (request.resource.data), not
// only the keys touched by the write.
function checkFieldsExistence(requiredFields, optionalFields) {
  let incomingKeys = incomingData().keys();
  let permittedFields = requiredFields.concat(optionalFields);
  return incomingKeys.hasAll(requiredFields) && incomingKeys.hasOnly(permittedFields);
}
// True when the update affects exactly the keys in editableFields: every
// listed key is added, removed or modified, and no other key is touched.
// Because of the hasAll half, listing a key whose value does not change
// makes the update fail.
function editOnlyCertainFields(editableFields) {
  let affectedFields = request.resource.data.diff(resource.data).affectedKeys();
  return affectedFields.hasOnly(editableFields) && affectedFields.hasAll(editableFields);
}
// Validates a freshly created service: every counter starts at zero, there
// is no end time yet, `start` is a timestamp and `startingCourses` a list.
function checkServiceStartFields() {
  let newService = incomingData();
  return newService.lastOrderNum == 0
    && newService.end == null
    && newService.start is timestamp
    && newService.startingCourses is list
    && newService.totalInstantOrders == 0
    && newService.totalOrders == 0
    && newService.totalRevenue == 0
    && newService.totalPeople == 0
    && newService.totalInstantRevenue == 0;
}
// A 'sala' user may update an order in one of three ways:
//  1. take/reassign a pending order: tableNum, waiterId, waiterName and
//     status all change while the stored status is 'pending';
//  2. edit the note of an order whose waiterId is the caller;
//  3. unlink an order: tableNum, waiterId and waiterName become null
//     (status must change as well, because editOnlyCertainFields requires
//     every listed key to be affected).
// NOTE(review): branches 1 and 3 do not compare resource.data.waiterId with
// request.auth.uid (unlike waiterCanUnLinkOwnCourse for courses), and
// branch 1 constrains neither the new status nor the new waiterId — confirm
// that any 'sala' user may reassign or unlink any pending order.
function orderCanBeUpdatedByWaiter() {
return hasRole('sala') && (( editOnlyCertainFields(['tableNum','waiterId','waiterName','status']) && resource.data.status == 'pending') || (editOnlyCertainFields(['note']) && resource.data.waiterId == request.auth.uid) ||
(editOnlyCertainFields(['tableNum','waiterId','waiterName','status']) && request.resource.data.waiterId == null && request.resource.data.waiterName == null && request.resource.data.tableNum == null) );
}
// A kitchen station may move a course from 'prep' to 'ready' and nothing
// else: only `status` changes, and the caller's station role must match the
// course's `kitchen` value (which this write cannot alter, since only
// `status` may be affected).
function courseCanBeUpdatedByKitchen() {
  let course = incomingData();
  return editOnlyCertainFields(['status'])
    && resource.data.status == 'prep'
    && course.status == 'ready'
    && (
      (hasRole('cucina-primi') && course.kitchen == 'Primi')
      || (hasRole('cucina-secondi') && course.kitchen == 'Secondi')
      || (hasRole('cucina-bar') && course.kitchen == 'Bar')
    );
}
// A 'sala' user may update a course by taking an unassigned one, changing
// the status of one they own, or unlinking one they own (see the three
// waiterCan* helpers below).
function courseCanBeUpdatedByWaiter() {
return hasRole('sala') && (waiterCanTakeACourse() || waiterCanEditStatusOwnCourse() || waiterCanUnLinkOwnCourse());
}
// Cash register ('cassa') and hub ('smazzo') users may change a course's
// `status` and nothing else. NOTE(review): unlike the kitchen rule, neither
// the current nor the new status value is constrained here.
function courseCanBeUpdatedByCashRegisterAndHub() {
  let isCashRegisterOrHub = hasRole('cassa') || hasRole('smazzo');
  return isCashRegisterOrHub && editOnlyCertainFields(['status']);
}
// A course with no waiter may have exactly its `waiterId` set.
// NOTE(review): the new waiterId is not required to equal request.auth.uid.
function waiterCanTakeACourse() {
return resource.data.waiterId == null && editOnlyCertainFields(['waiterId']);
}
// The waiter who owns a course may change exactly its `status`; the new
// status value is not constrained.
function waiterCanEditStatusOwnCourse() {
return resource.data.waiterId == request.auth.uid && editOnlyCertainFields(['status']);
}
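// The waiter who owns a course may change exactly its `waiterId` (the new
// value is not constrained, so this also covers reassigning it).
// Terminates the return with `;` like every other function in this file.
function waiterCanUnLinkOwnCourse() {
  return resource.data.waiterId == request.auth.uid && editOnlyCertainFields(['waiterId']);
}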
// The document as it will be stored if the write is allowed.
function incomingData() {
return request.resource.data;
}
// True when the write adds the 'manager-ruoli' role to a document that did
// not have it. Removing that role is not detected here.
function isBecomingSuperAdmin() {
  let managerRole = 'manager-ruoli';
  return managerRole in request.resource.data.roles && !(managerRole in resource.data.roles);
}
// True when every entry of roles is one of the known role names.
// An empty list passes; a value that is not a list errors and so denies.
function isValidRole(roles) {
  let knownRoles = ['admin', 'cassa', 'cassa-istantanea', 'cucina-primi', 'cucina-secondi', 'cucina-bar', 'sala', 'smazzo', 'manager-ruoli'];
  return roles.hasOnly(knownRoles);
}