forked from fiuhonors/myhonors-old
rules.json
{
"rules": {
// set defaults to no reads and no writes unless you're an Administrator
// NOTE(review): .read/.write grants cascade downward in these rules: once a path grants access, no
// child rule can take it away. Every ".read": true / ".write": true further down is therefore an
// addition to this admin-only default, never a restriction of it.
// NOTE(review): isAdmin, isStaff, isEventMod and isArchMod are read from the auth token payload;
// presumably they are set by the server that mints the token -- confirm clients cannot influence them.
".read": "auth.isAdmin === true",
".write": "auth.isAdmin === true",
"system_settings": {
// readable by any client, signed in or not; there is no .write here, so writes fall back to the
// admin-only rule above
".read": true
},
"user_profiles": {
// NOTE(review): read/write grants cascade to every descendant and cannot be narrowed by a child
// rule. With ".read": true at the collection level, every profile (including pid and lastActivity)
// is readable by any client, signed in or not, and the "$userId" .read rule below never restricts
// anything. If per-user privacy is intended, this collection-level grant has to be removed or
// narrowed -- confirm what the app needs to list before changing it.
".read": true,
// staff may write any profile; this grant also cascades to all children
".write": "auth.isStaff === true",
"$userId": {
// intended as owner-only read; currently has no effect because the parent already grants read to everyone
".read": "auth.id == $userId",
// we need to temporarily allow Arch mods to edit users since we don't have a full list of faculty,
// staff, and students in the system yet. Once we have that data in place, we can move the isArchMod
// half of this .write rule down into the archProjects child
// NOTE(review): this grant covers the whole profile subtree, so the owner can also write their own
// attendance, points, archProjects and volunteerHours entries -- the narrower attendance rule below
// only adds writers, it does not exclude the owner. Until the isArchMod half is moved, any Arch mod
// can edit every field of every user.
".write": "auth.id == $userId || auth.isArchMod === true",
//".validate": "newData.hasChildren(['fname', 'lname'])", // we can add this back after we settle the above situation with Arch
// validate specific entries
// NOTE(review): the string fields below are type-checked only; no length limit is enforced
"fname": {
".validate": "newData.isString()"
},
"lname": {
".validate": "newData.isString()"
},
"pid": {
// Panther ID is intentionally stored as a string instead of a number. Think of it like a
// username, we're never going to perform any numerical additions or subtractions with it
".validate": "newData.isString()"
},
"lastActivity": {
// timestamp in milliseconds, used to check if the user has ever logged in before (if not, we create a profile for them)
// and can also be used for one-time code executions or announcement broadcasts (if the user hasn't logged on since
// [date/time when something important happened], execute some code or show the user an announcement about it)
// NOTE(review): the value is supplied by the writer and only checked to be a number
".validate": "newData.isNumber()"
},
"rsvps": {
"$eventID": {
// no rules: any value type or size is accepted from whoever is allowed to write this profile
}
},
"attendance": {
// adds event mods and staff as writers of this subtree; there is no .validate, so the shape of
// attendance data is unchecked
// NOTE(review): the trailing comma after this rule is not valid strict JSON -- confirm the rules
// parser in use accepts it
".write": "auth.isEventMod === true || auth.isStaff === true",
},
// the four maps below accept only boolean values per key (presumably presence flags that point at
// records stored elsewhere -- confirm against the client code)
"comments": {
"$commentID": {
".validate": "newData.isBoolean()"
}
},
"points": {
"$commentId": {
".validate": "newData.isBoolean()"
}
},
"archProjects": {
"$projectId": {
".validate": "newData.isBoolean()"
}
},
"volunteerHours": {
"$volunteerId": {
".validate": "newData.isBoolean()"
}
},
"shirtSize": {
// NOTE(review): writable by any client, signed in or not, for any user's profile, with no
// .validate on type or size. Unless that is intended, drop the .write here so the owner/staff
// rules above apply, and add a string validation.
".read": true,
".write": true
},
// prevents any extra children (we only want the fields that are explicitly identified here)
"$other": {
".validate": false
}
}
},
"events": {
// anyone can read event info, but only Event moderators can add new events and edit
// any of the details
// (administrators can as well, through the root rule; both grants cascade to every child below)
".read": true,
".write": "auth.isEventMod === true",
"$eventId": {
// NOTE(review): there is no .validate on "$eventId" itself, so none of the children below are
// required to exist; each child rule is checked only when that child is written
"name": {
".validate": "newData.isString()"
},
"desc": {
".validate": "newData.isString()"
},
"types": {
// no rules: content is unvalidated, but only event mods and admins can write it
},
"options": {
// no rules: content is unvalidated, but only event mods and admins can write it
},
"date": {
// events must have a start & end date, and start date must come before its end date
// NOTE(review): this is enforced only when a "date" node is written; nothing here requires an
// event to have one
".validate": "newData.hasChildren(['starts', 'ends']) && newData.child('starts').val() < newData.child('ends').val()",
"starts": {
".validate": "newData.isNumber()"
},
"ends": {
".validate": "newData.isNumber()"
}
},
"location": {
// a location must carry a name; lng and lat are optional and only type-checked (no range check)
".validate": "newData.hasChild('name')",
"lng": {
".validate": "newData.isNumber()"
},
"lat": {
".validate": "newData.isNumber()"
},
"name": {
".validate": "newData.isString()"
}
},
"comments": {
// anyone can comment on an event
// NOTE(review): "anyone" includes clients that are not signed in, and the grant covers the whole
// node, so existing entries can be replaced or removed as well as added. Consider requiring
// auth != null and limiting writes to the individual "$commentId" child.
".write": true,
"$commentId": {
".validate": "newData.isBoolean()"
}
},
"rsvps": {
// anyone can RSVP to an event
// NOTE(review): the write is not tied to the caller: any client, signed in or not, can add,
// change or remove the entry stored under any user id, and the value is unvalidated. Consider
// moving the rule to "$userId" as "auth.id == $userId" and adding a .validate.
".write": true,
"$userId": {
// no rules
}
},
"attendance": {
// event mods and staff may record attendance; there is no .validate on the stored data
// NOTE(review): the trailing comma after this rule is not valid strict JSON -- confirm the rules
// parser in use accepts it
".write": "auth.isEventMod === true || auth.isStaff === true",
},
// prevents any extra children (we only want the fields that are explicitly identified here)
"$other": {
".validate": false
}
}
},
// NOTE(review): "courses" and "careers" are readable and writable by any client, signed in or not,
// with no .validate rules. Because grants cascade to every descendant, the whole subtree can be
// overwritten or deleted in a single write. If these are still placeholders, restrict .write to a
// moderator flag (or at least auth != null) and add validation before real data is stored here.
"courses": {
".read": true,
".write": true
},
"careers": {
".read": true,
".write": true
},
"comments": {
// there is no .read on the collection itself, so listing all comments falls back to the admin-only
// root rule; individual comments are readable by anyone via "$commentID"
"$commentID": {
".read": true,
// NOTE(review): only the incoming author is compared with the caller. The existing record's author
// (data.child('author')) is never checked, so a signed-in user can overwrite someone else's comment
// by submitting it with their own id as author. Consider also requiring
// !data.exists() || data.child('author').val() == auth.id.
".write": "auth.id == newData.child('author').val()", // ensure author of comment is current user
// every comment must carry author, date and content
".validate": "newData.hasChildren(['author', 'date', 'content'])",
// validate specific properties
"author": {
".validate": "newData.isString()"
},
"date": {
// NOTE(review): supplied by the writer and only checked to be a number
".validate": "newData.isNumber()"
},
"content": {
// NOTE(review): type-checked only; no length limit is enforced
".validate": "newData.isString()"
},
"points": {
// NOTE(review): writable by any client, signed in or not, with no .validate -- the stored value
// can be set to anything by anyone
".read": true,
".write": true
},
"parent": {
// a reply must name an existing comment as its parent
".validate": "newData.isString() && root.child('comments').hasChild(newData.val())"
},
"children": {
// NOTE(review): writable by any client, signed in or not; entries must be booleans, but any
// client can add or remove child links on any comment
".write": true,
"$childId": {
".validate": "newData.isBoolean()"
}
},
// prevents any extra children (we only want the fields that are explicitly identified here)
"$other": {
".validate": false
}
}
},
// NOTE(review): "arch", "furc" and "volunteerHours" are readable and writable by any client, signed
// in or not, with no .validate rules. Because grants cascade to every descendant, each subtree can
// be read, overwritten or deleted in full by anyone. Restrict .write to the relevant moderator flag
// (or at least auth != null) and add validation once the data model for these sections is settled.
"arch": {
".read": true,
".write": true
},
"furc": {
".read": true,
".write": true
},
"volunteerHours": {
".read": true,
".write": true
}
}
}