feat: add Firestore rules for entitlements and notification_queue collections

null 2026-06-17 19:10:45 -05:00
parent 534bb076c7
commit 2b1238a64c
1 changed files with 13 additions and 0 deletions


@ -57,6 +57,19 @@ service cloud.firestore {
&& !request.resource.data.keys().hasAny(['hasPremium']);
allow update: if isOwner(uid)
&& !request.resource.data.diff(resource.data).affectedKeys().hasAny(['hasPremium']);
// Entitlements written server-side only (RevenueCat webhook via Admin SDK).
// Client needs read access so FirestoreEntitlementChecker can observe premium state.
match /entitlements/{entitlementDoc} {
allow read: if isOwner(uid);
allow write: if false;
}
// Notification queue written server-side only (Cloud Functions).
// No client read needed; the app reacts to FCM push, not this collection.
match /notification_queue/{notificationId} {
allow read, write: if false;
}
}
// ── Date ideas (read-only catalog) ─────────────────────────────────────────
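Review bot: The `allow write: if false;` under `/entitlements/{entitlementDoc}` and the `allow read, write: if false;` under `/notification_queue/{notificationId}` do not by themselves deny anything. Firestore grants a request when any matching `allow` evaluates to true, so these lines only restate the default deny. The guarantee that clients cannot write entitlements therefore depends on no broader match, such as a recursive `{document=**}` wildcard elsewhere in the file, covering these paths; the enclosing match that binds `uid` starts outside this hunk, so that cannot be confirmed from here. I would record the dependency next to the rule, for example `// Rules are additive: 'if false' documents intent only; no wider match may grant access to this path.` Emulator rule tests would help here too, asserting that the owner can read but not create, update or delete an entitlement, and that a different signed-in user cannot read it. The existing `hasPremium` guard on the parent document suggests premium state may now live in two places, so it is worth stating which one the client treats as authoritative.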