fix: deny client access to entitlement_events collection
parent
19c6b4a6cb
commit
d86a5de2a0
|
|
@ -350,5 +350,12 @@ service cloud.firestore {
|
|||
allow delete: if isCouplesMember(coupleId);
|
||||
}
|
||||
}
|
||||
|
||||
// ── entitlement_events ────────────────────────────────────────────────────
|
||||
// Cloud Functions write idempotency markers here via the Admin SDK.
|
||||
// No client access needed — explicit deny prevents accidental future grants.
|
||||
match /entitlement_events/{eventId} {
|
||||
allow read, write: if false;
|
||||
}
|
||||
}
|
||||
}
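Review bot: The comment above `match /entitlement_events/{eventId}` overstates what `allow read, write: if false;` does. Firestore security rules are additive, so if any other matching `allow` evaluates to true (for example under a recursive-wildcard match elsewhere in the file, which this hunk does not show), access is granted regardless of this rule. Access is already denied when no rule matches, so the block documents intent rather than enforcing it. I would reword the last comment line to something like `// No client access needed. Rules are additive: this does not override a broader allow, so keep wildcard matches off this path.` and back it with an emulator rules test asserting that client reads and writes to this collection are rejected. The enclosing `service cloud.firestore` block starts outside the hunk.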
|
||||
|
|
|
|||