feat: add Firestore rules for entitlements and notification_queue collections
parent
534bb076c7
commit
2b1238a64c
|
|
@ -57,6 +57,19 @@ service cloud.firestore {
|
|||
&& !request.resource.data.keys().hasAny(['hasPremium']);
|
||||
allow update: if isOwner(uid)
|
||||
&& !request.resource.data.diff(resource.data).affectedKeys().hasAny(['hasPremium']);
|
||||
|
||||
// Entitlements written server-side only (RevenueCat webhook via Admin SDK).
|
||||
// Client needs read access so FirestoreEntitlementChecker can observe premium state.
|
||||
match /entitlements/{entitlementDoc} {
|
||||
allow read: if isOwner(uid);
|
||||
allow write: if false;
|
||||
}
|
||||
|
||||
// Notification queue written server-side only (Cloud Functions).
|
||||
// No client read needed; the app reacts to FCM push, not this collection.
|
||||
match /notification_queue/{notificationId} {
|
||||
allow read, write: if false;
|
||||
}
|
||||
}
|
||||
|
||||
// ── Date ideas (read-only catalog) ─────────────────────────────────────────
|
||||
|
|
|
|||
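Review bot: The `if false` rules on `entitlements` and `notification_queue` record intent but do not by themselves guarantee denial. Firestore grants a request when any matching `allow` evaluates to true, so a recursive wildcard match elsewhere in the file (not visible in this hunk) would still expose these paths. Both blocks also sit inside the enclosing match that binds `uid` and closes right after them; that match starts outside the hunk and is presumably the per-user document. They therefore govern subcollections of that document, and if the Cloud Function writes the queue as a top-level collection, this rule never matches it and the queue stays closed only by default deny. I would say so in the comment, e.g. `// Subcollection of the enclosing user document; relies on no broader allow (e.g. {document=**}) matching this path.`, and add emulator rule tests asserting that an owner's write to `entitlements` and any client read of `notification_queue` are rejected.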