docs(readme): update to fix permissions error

jonathan-irvin · web-flow · commit d7d0baa2b026 · 2019-08-03T22:44:29.000-05:00
fixes #10
diff --git a/README.md b/README.md
@@ -123,31 +123,31 @@ service cloud.firestore {
     function signedIn() {
         return request.auth != null;
     }
-    
+
     function isAdmin() {
-        return signedIn() &&         
+        return signedIn() &&
         	'ADMIN'in get(/databases/$(database)/documents/users/$(request.auth.uid)).data.roles.values();
     }
-    
-    function ownsMessage() {
+
+    function isOwner() {
         return signedIn() && request.auth.uid == resource.data.userId;
     }
-    
+
     function isSelf() {
     	    return signedIn() && request.auth.uid == resource.id;
     }
-    
+
     // Rules
     match /users/{userId} {
-        allow get: if isSelf();
         allow list: if isAdmin();
-        allow write:  if isSelf() || isAdmin();
+    	   allow get, update, delete: if isSelf() || isAdmin();
+    	   allow create: if signedIn();
     }
-    
+
     match /messages/{messageId} {
         allow read: if signedIn();
-        allow create: if signedIn();
-        allow update, delete: if signedIn() && ownsMessage();
+        allow create: if signedIn() && request.resource.data.userId == request.auth.uid
+        allow update, delete: if signedIn() && isOwner();
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -123,31 +123,31 @@ service cloud.firestore {`
`123`	`123`	`function signedIn() {`
`124`	`124`	`return request.auth != null;`
`125`	`125`	`}`
`126`		`-`
	`126`	`+`
`127`	`127`	`function isAdmin() {`
`128`		`- return signedIn() &&`
	`128`	`+ return signedIn() &&`
`129`	`129`	`'ADMIN'in get(/databases/$(database)/documents/users/$(request.auth.uid)).data.roles.values();`
`130`	`130`	`}`
`131`		`-`
`132`		`- function ownsMessage() {`
	`131`	`+`
	`132`	`+ function isOwner() {`
`133`	`133`	`return signedIn() && request.auth.uid == resource.data.userId;`
`134`	`134`	`}`
`135`		`-`
	`135`	`+`
`136`	`136`	`function isSelf() {`
`137`	`137`	`return signedIn() && request.auth.uid == resource.id;`
`138`	`138`	`}`
`139`		`-`
	`139`	`+`
`140`	`140`	`// Rules`
`141`	`141`	`match /users/{userId} {`
`142`		`- allow get: if isSelf();`
`143`	`142`	`allow list: if isAdmin();`
`144`		`- allow write: if isSelf() \|\| isAdmin();`
	`143`	`+ allow get, update, delete: if isSelf() \|\| isAdmin();`
	`144`	`+ allow create: if signedIn();`
`145`	`145`	`}`
`146`		`-`
	`146`	`+`
`147`	`147`	`match /messages/{messageId} {`
`148`	`148`	`allow read: if signedIn();`
`149`		`- allow create: if signedIn();`
`150`		`- allow update, delete: if signedIn() && ownsMessage();`
	`149`	`+ allow create: if signedIn() && request.resource.data.userId == request.auth.uid`
	`150`	`+ allow update, delete: if signedIn() && isOwner();`
`151`	`151`	`}`
`152`	`152`	`}`
`153`	`153`	`}`