-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathstorage.rules
More file actions
35 lines (30 loc) · 1.27 KB
/
Copy pathstorage.rules
File metadata and controls
35 lines (30 loc) · 1.27 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
// Helper function to check if request is from an authorized device
function isAuthorizedDevice(greenhouseId) {
return request.auth != null &&
request.auth.token.isDevice == true &&
request.auth.token.greenhouseId == greenhouseId;
}
// Helper function to check if user has access to greenhouse
// Note: Storage rules cannot query Firestore, so we rely on custom claims
function hasGreenhouseAccess(greenhouseId) {
return request.auth != null &&
(greenhouseId in request.auth.token.greenhouses ||
request.auth.token.greenhouseId == greenhouseId);
}
// Images and videos from greenhouse cameras
match /greenhouses/{greenhouseId}/{allPaths=**} {
// Allow users with greenhouse access to read
allow read: if hasGreenhouseAccess(greenhouseId);
// Only allow authorized devices to write (e.g., camera uploads)
allow write: if isAuthorizedDevice(greenhouseId);
}
// User uploads (profile pictures, etc.)
match /users/{userId}/{allPaths=**} {
allow read: if request.auth != null;
allow write: if request.auth != null && request.auth.uid == userId;
}
}
}