diff --git a/Basic-Car-Maintenance.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved b/Basic-Car-Maintenance.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved
index 50f034cf..bf72ba19 100644
--- a/Basic-Car-Maintenance.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved
+++ b/Basic-Car-Maintenance.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved
@@ -69,8 +69,8 @@
 "kind" : "remoteSourceControl",
 "location" : "https://github.com/google/gtm-session-fetcher.git",
 "state" : {
- "revision" : "a2ab612cb980066ee56d90d60d8462992c07f24b",
- "version" : "3.5.0"
+ "revision" : "5cfe5f090c982de9c58605d2a82a4fc77b774fbd",
+ "version" : "4.1.0"
 }
 },
 {
@@ -114,8 +114,8 @@
 "kind" : "remoteSourceControl",
 "location" : "https://github.com/apple/swift-protobuf.git",
 "state" : {
- "revision" : "edb6ed4919f7756157fe02f2552b7e3850a538e5",
- "version" : "1.28.1"
+ "revision" : "ebc7251dd5b37f627c93698e4374084d98409633",
+ "version" : "1.28.2"
 }
 },
 {
diff --git a/Basic-Car-Maintenance/Documentation.docc/FirestoreCollections.md b/Basic-Car-Maintenance/Documentation.docc/FirestoreCollections.md
index 6401104f..1aa692bb 100644
--- a/Basic-Car-Maintenance/Documentation.docc/FirestoreCollections.md
+++ b/Basic-Car-Maintenance/Documentation.docc/FirestoreCollections.md
@@ -53,27 +53,26 @@ The vehicles collection contains all the vehicles associated with a specific use
 **alerts** : read-only for all users
-**maintenance_events** : Authorized users can read and write to the maintenance events collection that is associated with their `userID`.
+**vehicles**: Authorized users can ready and write to vehicles collection that is associated with their `userID`. With `rules_version` set to `2`, the subcollections (`maintenance_events` and `odometer_readings`) will automatically have the same rules
+
+> At the moment this is recommended, but not in production yet, because this is failing in the emulator
-**vehicles**: Authorized users can ready and write to vehicles collection that is associated with their `userID`.
 ```
-rules_version = '1';
-service cloud.firestore {
-match /databases/{database}/documents {
+rules_version = '2';
- match /alerts/{document=\*\*} {
- allow read;
- }
+service cloud.firestore {
+ match /databases/{database}/documents {
- match /maintenance_events/{allPaths=**} {
- allow read, write: if request.auth != null && request.auth.uid == userId;
+ match /alerts/{document=**} {
+ allow read;
 }
- match /vehicles/{allPaths=**} {
- allow read, write: if request.auth != null && request.auth.uid == userId;
- }
+ match /vehicles/{vehicleId}/{document=**} {
+ // Allow users to create vehicles if authenticated
+ allow create: if request.auth != null;
+ allow read, update, delete: if request.auth != null && resource.data.userID == request.auth.uid;
 }
-
+ }
 }
 ```
diff --git a/backend/firestore.rules b/backend/firestore.rules
index 50713dba..68841121 100644
--- a/backend/firestore.rules
+++ b/backend/firestore.rules
@@ -3,16 +3,12 @@ rules_version = '2';
 service cloud.firestore {
 match /databases/{database}/documents {
- // This rule allows anyone with your Firestore database reference to view, edit,
- // and delete all data in your Firestore database. It is useful for getting
- // started, but it is configured to expire after 30 days because it
- // leaves your app open to attackers. At that time, all client
- // requests to your Firestore database will be denied.
- //
- // Make sure to write security rules for your app before that time, or else
- // all client requests to your Firestore database will be denied until you Update
- // your rules
- match /{document=**} {
+ match /alerts/{document=**} {
+ allow read;
+ }
+
+ match /vehicles/{vehicleId}/{document=**} {
+ // Allow users to create vehicles if authenticated
 allow read, write: if true;
 }
 }
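Review bot: The new `match /vehicles/{vehicleId}/{document=**}` block keeps the context line `allow read, write: if true;`, so every vehicle document and everything nested under it stays readable, writable and deletable by any client, authenticated or not; meanwhile the comment that warned about the open rule is removed and the new comment claims creation requires authentication. The block should carry the owner checks that FirestoreCollections.md documents in this same commit, with the create path also binding the owner field: `allow create: if request.auth != null && request.resource.data.userID == request.auth.uid;` and `allow read, update, delete: if request.auth != null && resource.data.userID == request.auth.uid;`. Because `{document=**}` also matches subcollection documents, those would need their own `userID` field (or a `get()` on the parent vehicle) for that condition to pass, which may be what fails in the emulator; the document schema is not visible here. The closing brace of `service cloud.firestore` lies outside the hunk.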