fix: deny client access to entitlement_events collection
This commit is contained in:
parent
19c6b4a6cb
commit
d86a5de2a0
|
|
@ -350,5 +350,12 @@ service cloud.firestore {
|
||||||
allow delete: if isCouplesMember(coupleId);
|
allow delete: if isCouplesMember(coupleId);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ── entitlement_events ────────────────────────────────────────────────────
|
||||||
|
// Cloud Functions write idempotency markers here via the Admin SDK.
|
||||||
|
// No client access needed — explicit deny prevents accidental future grants.
|
||||||
|
match /entitlement_events/{eventId} {
|
||||||
|
allow read, write: if false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue