chore: update couple create rule comment to reflect server-only flow (batch v0.2.20)

This commit is contained in:
null 2026-06-19 21:52:19 -05:00
parent c31177d52b
commit 8be7b7da0e
1 changed files with 3 additions and 2 deletions

View File

@ -200,8 +200,9 @@ service cloud.firestore {
// Read: both members can read
allow read: if isCouplesMember(coupleId);
// Create: acceptor creates the couple doc during pairing (client-side).
// Must be a member of the couple and include required fields.
// Create: server-side only via the acceptInviteCallable Cloud Function.
// The Admin SDK bypasses these rules. The shape check remains as defense
// in depth in case any other trusted server process creates a couple doc.
allow create: if isSignedIn()
&& request.auth.uid in request.resource.data.userIds
&& request.resource.data.keys().hasAll([