voltex-notes/firestore.rules at main · Dev-Lune/voltex-notes · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Users can only access their own data
    match /users/{userId} {
      allow read, write: if request.auth != null && request.auth.uid == userId;

      // Notes subcollection
      match /notes/{noteId} {
        allow read, write: if request.auth != null && request.auth.uid == userId;
      }

      // Folders subcollection
      match /folders/{folderId} {
        allow read, write: if request.auth != null && request.auth.uid == userId;
      }

      // Settings subcollection
      match /settings/{settingId} {
        allow read, write: if request.auth != null && request.auth.uid == userId;
      }

      // Installed plugins
      match /plugins/{pluginId} {
        allow read, write: if request.auth != null && request.auth.uid == userId;
      }

      // Custom themes
      match /themes/{themeId} {
        allow read, write: if request.auth != null && request.auth.uid == userId;
      }

      // Sync metadata
      match /sync/{syncId} {
        allow read, write: if request.auth != null && request.auth.uid == userId;
      }
    }

    // Shared notes — publicly readable, owner‑writable
    match /shared/{shareId} {
      allow read: if true;
      allow create: if request.auth != null;
      allow update, delete: if request.auth != null
        && resource.data.ownerId == request.auth.uid;
    }

    // Marketplace — readable by all, writable by admins only
    match /marketplace/{collectionName}/{docId} {
      allow read: if true;
      allow write: if request.auth != null
        && exists(/databases/$(database)/documents/admins/$(request.auth.uid));
    }
  }
}