Merge pull request #113 from jphacks/firestore-rules

Firestoreセキュリティルールを更新し、ユーザーごとのアクセス制御を追加

Author: yuto-trd

firebase/firestore.rules

@@ -12,8 +12,26 @@ service cloud.firestore {
     // Make sure to write security rules for your app before that time, or else
     // all client requests to your Firestore database will be denied until you Update
     // your rules
-    match /{document=**} {
-      allow read, write: if request.time < timestamp.date(2024, 11, 25);
+    match /users/{userId} {
+    	allow read, write: if request.auth != null
+      	&& userId == request.auth.uid;
+      
+      match /events/{eventId} {
+    		allow read, write: if request.auth != null
+      		&& userId == request.auth.uid;
+    	}
+      
+      match /want-todos/{todoId} {
+    		allow read, write: if request.auth != null
+      		&& userId == request.auth.uid;
+    	}
+    }
+    
+    match /notifications/{notificationId} {
+    	allow read: if request.auth != null
+      		&& resource.data.userId == request.auth.uid;
+    	allow write: if request.auth != null
+      		&& request.resource.data.userId == request.auth.uid;
     }
   }
 }