
Commit 8d93919

Merge pull request #17 from WorldBrain/feature/allow-any-pioneer-amounts
Allow any pioneer amounts
2 parents c60bd9d + 1467c8f commit 8d93919

7 files changed

+249
-38
lines changed

external/@worldbrain/memex-common

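--- a/firebase/firestore.indexes.json
+++ b/firebase/firestore.indexes.json
@@ -1,26 +1,33 @@
 {
-// Example:
-//
-// "indexes": [
-// {
-// "collectionGroup": "widgets",
-// "queryScope": "COLLECTION",
-// "fields": [
-// { "fieldPath": "foo", "arrayConfig": "CONTAINS" },
-// { "fieldPath": "bar", "mode": "DESCENDING" }
-// ]
-// },
-//
-// "fieldOverrides": [
-// {
-// "collectionGroup": "widgets",
-// "fieldPath": "baz",
-// "indexes": [
-// { "order": "ASCENDING", "queryScope": "COLLECTION" }
-// ]
-// },
-// ]
-// ]
-"indexes": [],
+"indexes": [
+{
+"collectionGroup": "sharedAnnotationListEntry",
+"queryScope": "COLLECTION",
+"fields": [
+{
+"fieldPath": "sharedList",
+"order": "ASCENDING"
+},
+{
+"fieldPath": "createdWhen",
+"order": "ASCENDING"
+}
+]
+},
+{
+"collectionGroup": "sharedListEntry",
+"queryScope": "COLLECTION",
+"fields": [
+{
+"fieldPath": "sharedList",
+"order": "ASCENDING"
+},
+{
+"fieldPath": "createdWhen",
+"order": "DESCENDING"
+}
+]
+}
+],
 "fieldOverrides": []
-}
+}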

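--- a/firebase/firestore.rules
+++ b/firebase/firestore.rules
@@ -10,14 +10,8 @@ service cloud.firestore {
 // Ownership rules
 request.auth.uid == userId
 ;
-allow create: if
-// Ownership rules
-request.auth.uid == userId
-;
-allow update: if
-// Ownership rules
-request.auth.uid == userId
-;
+allow create: if true;
+allow update: if true;
 allow delete: if
 // Ownership rules
 request.auth.uid == userId
@@ -44,5 +38,211 @@ service cloud.firestore {
 ;
 }
 }
+match /sharedList/{sharedList} {
+allow list: if
+// Permission rules
+true
+;
+allow get: if
+// Permission rules
+true
+;
+allow create: if
+// Type checks
+request.resource.data.createdWhen is timestamp &&
+request.resource.data.updatedWhen is timestamp &&
+request.resource.data.title is string &&
+(!('description' in request.resource.data.keys()) || request.resource.data.description is string) &&
+
+
+// Ownership rules
+request.auth.uid == request.resource.data.creator
+;
+allow update: if
+// Type checks
+request.resource.data.createdWhen is timestamp &&
+request.resource.data.updatedWhen is timestamp &&
+request.resource.data.title is string &&
+(!('description' in request.resource.data.keys()) || request.resource.data.description is string) &&
+
+
+// Ownership rules
+request.auth.uid == resource.data.creator && (request.auth.uid == request.resource.data.creator || (!('creator' in request.resource.data.keys())))
+;
+allow delete: if
+// Ownership rules
+request.auth.uid == resource.data.creator
+;
+}
+match /sharedListCreatorInfo/{creator} {
+match /lists/{sharedListCreatorInfo} {
+allow list: if
+// Permission rules
+true
+;
+allow get: if
+// Permission rules
+true
+;
+allow create: if
+// Type checks
+request.resource.data.localListId is timestamp &&
+
+
+// Ownership rules
+request.auth.uid == creator
+;
+allow update: if
+// Type checks
+request.resource.data.localListId is timestamp &&
+
+
+// Ownership rules
+request.auth.uid == creator
+;
+allow delete: if
+// Ownership rules
+request.auth.uid == creator
+;
+}
+}
+match /sharedListEntry/{sharedListEntry} {
+allow list: if
+// Permission rules
+true
+;
+allow get: if
+// Permission rules
+true
+;
+allow create: if
+// Type checks
+request.resource.data.createdWhen is timestamp &&
+request.resource.data.updatedWhen is timestamp &&
+request.resource.data.entryTitle is string &&
+request.resource.data.normalizedUrl is string &&
+request.resource.data.originalUrl is string &&
+
+
+// Ownership rules
+request.auth.uid == request.resource.data.creator
+;
+allow update: if
+// Type checks
+request.resource.data.createdWhen is timestamp &&
+request.resource.data.updatedWhen is timestamp &&
+request.resource.data.entryTitle is string &&
+request.resource.data.normalizedUrl is string &&
+request.resource.data.originalUrl is string &&
+
+
+// Ownership rules
+request.auth.uid == resource.data.creator && (request.auth.uid == request.resource.data.creator || (!('creator' in request.resource.data.keys())))
+;
+allow delete: if
+// Ownership rules
+request.auth.uid == resource.data.creator
+;
+}
+match /sharedAnnotation/{sharedAnnotation} {
+allow list: if
+// Permission rules
+true
+;
+allow get: if
+// Permission rules
+true
+;
+allow create: if
+// Type checks
+request.resource.data.normalizedPageUrl is string &&
+request.resource.data.createdWhen is timestamp &&
+request.resource.data.uploadedWhen is timestamp &&
+request.resource.data.updatedWhen is timestamp &&
+(!('body' in request.resource.data.keys()) || request.resource.data.body is string) &&
+(!('comment' in request.resource.data.keys()) || request.resource.data.comment is string) &&
+(!('selector' in request.resource.data.keys()) || request.resource.data.selector is string) &&
+
+
+// Ownership rules
+request.auth.uid == request.resource.data.creator
+;
+allow update: if
+// Type checks
+request.resource.data.normalizedPageUrl is string &&
+request.resource.data.createdWhen is timestamp &&
+request.resource.data.uploadedWhen is timestamp &&
+request.resource.data.updatedWhen is timestamp &&
+(!('body' in request.resource.data.keys()) || request.resource.data.body is string) &&
+(!('comment' in request.resource.data.keys()) || request.resource.data.comment is string) &&
+(!('selector' in request.resource.data.keys()) || request.resource.data.selector is string) &&
+
+
+// Ownership rules
+request.auth.uid == resource.data.creator && (request.auth.uid == request.resource.data.creator || (!('creator' in request.resource.data.keys())))
+;
+allow delete: if
+// Ownership rules
+request.auth.uid == resource.data.creator
+;
+}
+match /sharedAnnotationListEntry/{sharedAnnotationListEntry} {
+allow list: if
+// Permission rules
+true
+;
+allow get: if
+// Permission rules
+true
+;
+allow create: if
+// Type checks
+request.resource.data.createdWhen is timestamp &&
+request.resource.data.uploadedWhen is timestamp &&
+request.resource.data.updatedWhen is timestamp &&
+request.resource.data.normalizedPageUrl is string &&
+
+
+// Ownership rules
+request.auth.uid == request.resource.data.creator
+;
+allow update: if
+// Type checks
+request.resource.data.createdWhen is timestamp &&
+request.resource.data.uploadedWhen is timestamp &&
+request.resource.data.updatedWhen is timestamp &&
+request.resource.data.normalizedPageUrl is string &&
+
+
+// Ownership rules
+request.auth.uid == resource.data.creator && (request.auth.uid == request.resource.data.creator || (!('creator' in request.resource.data.keys())))
+;
+allow delete: if
+// Ownership rules
+request.auth.uid == resource.data.creator
+;
+}
+match /user/{id} {
+allow get: if
+// Permission rules
+true
+;
+allow create: if
+// Type checks
+(!('displayName' in request.resource.data.keys()) || request.resource.data.displayName is string) &&
+
+
+// Ownership rules
+request.auth.uid == id
+;
+allow update: if
+// Type checks
+(!('displayName' in request.resource.data.keys()) || request.resource.data.displayName is string) &&
+
+
+// Ownership rules
+request.auth.uid == id
+;
+}
 }
 }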
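Review bot: The new `allow create: if true;` and `allow update: if true;` at new lines 13–14 drop the `request.auth.uid == userId` ownership check that the rule above and the `delete` rule below still enforce, so any client, including an unauthenticated one, can create or overwrite documents under this `{userId}` path. The enclosing `match` starts outside the hunk, so which collection is affected cannot be confirmed from here, but both rules should again read `if request.auth.uid == userId;` unless open writes are intended and documented. Separately, in the second hunk the `create` rules for `sharedListEntry` and `sharedAnnotationListEntry` only compare `request.resource.data.creator` to the caller and never check that the caller owns the referenced `sharedList`, which appears to let any signed-in user add entries to another user's list. The type checks also leave `creator` immutable only by the `update` ownership clause, so a comment stating that intent next to it would help.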

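--- a/tools/generate-rules.ts
+++ b/tools/generate-rules.ts
@@ -9,6 +9,8 @@ import { FirestoreStorageBackend } from '@worldbrain/storex-backend-firestore'
 import { generateRulesAstFromStorageModules } from '@worldbrain/storex-backend-firestore/lib/security-rules'
 import { serializeRulesAST } from '@worldbrain/storex-backend-firestore/lib/security-rules/ast';
 import { SharedSyncLogStorage } from '@worldbrain/storex-sync/lib/shared-sync-log/storex'
+import ContentSharingStorage from '@worldbrain/memex-common/lib/content-sharing/storage'
+import UserManagementStorage from '@worldbrain/memex-common/lib/user-management/storage'
 import { registerModuleMapCollections } from '@worldbrain/storex-pattern-modules'
 
 async function createStorage() {
@@ -18,7 +20,9 @@ async function createStorage() {
 const serverBackend = { configure: () => { } } as any as StorageBackend
 const serverStorageManager = new StorageManager({ backend: serverBackend })
 const serverModules = {
-sharedSyncLog: new SharedSyncLogStorage({ storageManager: serverStorageManager, autoPkType: 'string' })
+sharedSyncLog: new SharedSyncLogStorage({ storageManager: serverStorageManager, autoPkType: 'string' }),
+contentSharing: new ContentSharingStorage({ storageManager: serverStorageManager, autoPkType: 'string' }),
+userManagement: new UserManagementStorage({ storageManager: serverStorageManager }),
 }
 registerModuleMapCollections(serverStorageManager.registry, serverModules)
 await serverStorageManager.finishInitialization()
@@ -45,7 +49,7 @@ export async function main() {
 const firestoreRulesPath = path.join(firebaseRootDir, firebaseConfig['firestore']['rules'])
 const ast = await generateRulesAstFromStorageModules(storage.server.modules as any, {
 storageRegistry: storage.server.manager.registry,
-excludeTypeChecks: true,
+excludeTypeChecks: ['sharedSyncLogDeviceInfo', 'sharedSyncLogEntryBatch'],
 })
 const serialized = serializeRulesAST(ast)
 fs.writeFileSync(firestoreRulesPath, serialized)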
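Review bot: The new `excludeTypeChecks: ['sharedSyncLogDeviceInfo', 'sharedSyncLogEntryBatch']` in the third hunk has no comment saying why these two collections are exempt, and the rules regenerated in this commit contain unconditional `allow create: if true;` / `allow update: if true;` lines, which suggests the list form may skip more than type checks for excluded collections. A comment above the option such as `// sync-log collections skip type checks only; ownership rules must still be generated` would record the intended scope. It would also be worth failing generation before `fs.writeFileSync` when `serialized` contains a create, update or delete rule whose condition is just `true`, so a generator regression cannot reach the deployed rules file. `main()` starts and ends outside this hunk.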
