feat: add Firestore rules for entitlements and notification_queue collections
parent
534bb076c7
commit
2b1238a64c
|
|
@ -57,6 +57,19 @@ service cloud.firestore {
|
||||||
&& !request.resource.data.keys().hasAny(['hasPremium']);
|
&& !request.resource.data.keys().hasAny(['hasPremium']);
|
||||||
allow update: if isOwner(uid)
|
allow update: if isOwner(uid)
|
||||||
&& !request.resource.data.diff(resource.data).affectedKeys().hasAny(['hasPremium']);
|
&& !request.resource.data.diff(resource.data).affectedKeys().hasAny(['hasPremium']);
|
||||||
|
|
||||||
|
// Entitlements written server-side only (RevenueCat webhook via Admin SDK).
|
||||||
|
// Client needs read access so FirestoreEntitlementChecker can observe premium state.
|
||||||
|
match /entitlements/{entitlementDoc} {
|
||||||
|
allow read: if isOwner(uid);
|
||||||
|
allow write: if false;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Notification queue written server-side only (Cloud Functions).
|
||||||
|
// No client read needed; the app reacts to FCM push, not this collection.
|
||||||
|
match /notification_queue/{notificationId} {
|
||||||
|
allow read, write: if false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// ── Date ideas (read-only catalog) ─────────────────────────────────────────
|
// ── Date ideas (read-only catalog) ─────────────────────────────────────────
|
||||||
|
|
|
||||||
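Review bot: `allow write: if false;` on `entitlements` and `allow read, write: if false;` on `notification_queue` do not act as denies, because Firestore grants a request when any matching `allow` evaluates to true; they hold only if no broader match covers the same paths. The rest of the ruleset is outside this hunk, so check it for a recursive wildcard such as `{document=**}` under the user document or at the database root; an owner-writable entitlement document would let a client grant itself premium, which is what the `hasPremium` guards above exist to prevent. Both new blocks appear before the closing brace of the enclosing match (indentation is lost on this page), so they seem to cover subcollections of the user document; confirm the webhook and the Cloud Functions write to those paths and not to top-level collections. I would add the comment `// 'if false' documents intent only: rules are OR'd across overlapping matches.` above each block, and emulator rule tests asserting that an owner's write to `entitlements` and an owner's read of `notification_queue` are both rejected.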