From 2b1238a64c5059981db2d14d06fe4149de683934 Mon Sep 17 00:00:00 2001
From: null
Date: Wed, 17 Jun 2026 19:10:45 -0500
Subject: [PATCH] feat: add Firestore rules for entitlements and notification_queue collections
---
 firestore.rules | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/firestore.rules b/firestore.rules
index 29324d1c..885948c4 100644
--- a/firestore.rules
+++ b/firestore.rules
@@ -57,6 +57,19 @@ service cloud.firestore {
 && !request.resource.data.keys().hasAny(['hasPremium']);
 allow update: if isOwner(uid)
 && !request.resource.data.diff(resource.data).affectedKeys().hasAny(['hasPremium']);
+
+ // Entitlements written server-side only (RevenueCat webhook via Admin SDK).
+ // Client needs read access so FirestoreEntitlementChecker can observe premium state.
+ match /entitlements/{entitlementDoc} {
+ allow read: if isOwner(uid);
+ allow write: if false;
+ }
+
+ // Notification queue written server-side only (Cloud Functions).
+ // No client read needed; the app reacts to FCM push, not this collection.
+ match /notification_queue/{notificationId} {
+ allow read, write: if false;
+ }
 }
 
 // ── Date ideas (read-only catalog) ─────────────────────────────────────────
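Review bot: The `allow write: if false` on `entitlements` and the `allow read, write: if false` on `notification_queue` are not deny overrides, because Firestore grants a request when any matching `allow` evaluates to true; they keep premium state server-only just as long as no broader match (for instance a recursive `{document=**}` wildcard under the same parent) allows client access to these paths. The enclosing match block starts outside the hunk, so this cannot be confirmed from here; check the rest of `firestore.rules` and add emulator rule tests asserting that an owner's client write to `entitlements` and a non-owner's read are both rejected. Both new matches sit before the closing brace of the block that binds `uid`, so `notification_queue` appears to be scoped under the per-user document; if Cloud Functions actually write to a top-level `notification_queue`, this rule never matches it and should move to the top level. I would also add a comment above each `if false`, such as `// Rules are OR-ed: this deny holds only while no broader match allows access here.`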