fix: deny client access to entitlement_events collection

This commit is contained in:
null 2026-06-17 19:42:41 -05:00
parent 19c6b4a6cb
commit d86a5de2a0
1 changed files with 7 additions and 0 deletions

View File

@ -350,5 +350,12 @@ service cloud.firestore {
allow delete: if isCouplesMember(coupleId);
}
}
// ── entitlement_events ────────────────────────────────────────────────────
// Cloud Functions write idempotency markers here via the Admin SDK.
// No client access needed — explicit deny prevents accidental future grants.
match /entitlement_events/{eventId} {
allow read, write: if false;
}
}
}