@blinkk/root-cms
v1.3.14
Firestore must be setup as `Native Mode` and not `Datastore Mode`
Setting up Firestore
Firestore must be set up in Native Mode, not Datastore Mode.
Firestore read/writes will need to be locked down by adding the following to the security rules (in Firebase's Firestore UI):
// Firestore security rules for a Root CMS project. Access is granted per
// project from the `roles` map stored on the /Projects/{project} document;
// every other path is denied.
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Explicit deny for every path. When several match blocks cover the same
    // document, access is granted if any one `allow` condition is true, so
    // this block does not override the /Projects rules below; it only spells
    // out the default deny for all other paths.
    match /{document=**} {
      allow read, write: if false;
    }
    match /Projects/{project} {
      // The project document itself holds the `roles` map, so writing it is
      // limited to ADMIN. EDITOR only gets write access to the subcollections
      // matched below and cannot change role assignments through these rules.
      allow write:
        if isSignedIn() && userIsAdmin();
      allow read:
        if isSignedIn() && userCanRead();
      // Every document in every subcollection of the project, at any depth.
      match /{collection}/{document=**} {
        allow write:
          if isSignedIn() && userCanWrite();
        allow read:
          if isSignedIn() && userCanRead();
      }
      // True for any authenticated request; the sign-in provider is not
      // inspected here.
      function isSignedIn() {
        return request.auth != null;
      }
      // Fetches the `roles` map from this project's document. Keys are looked
      // up below either by full e-mail address or by a '*@<domain>' wildcard.
      function getRoles() {
        return get(/databases/$(database)/documents/Projects/$(project)).data.roles;
      }
      // NOTE(review): the three helpers below authorize on
      // request.auth.token.email as it appears in the ID token and do not
      // check request.auth.token.email_verified. Whether the address is
      // verified depends on which sign-in providers are enabled for the
      // Firebase project (not shown here) - confirm, and consider requiring
      // email_verified, especially when '*@<domain>' role entries are used.

      // VIEWER, EDITOR or ADMIN, matched on the exact e-mail or on the
      // '*@<domain>' wildcard key built from the part after the '@'.
      function userCanRead() {
        let roles = getRoles();
        let email = request.auth.token.email;
        let domain = '*@' + email.split('@')[1];
        return (roles[email] in ['ADMIN', 'EDITOR', 'VIEWER']) || (roles[domain] in ['ADMIN', 'EDITOR', 'VIEWER']);
      }
      // EDITOR or ADMIN, using the same exact-then-wildcard lookup.
      function userCanWrite() {
        let roles = getRoles();
        let email = request.auth.token.email;
        let domain = '*@' + email.split('@')[1];
        return (roles[email] in ['ADMIN', 'EDITOR']) || (roles[domain] in ['ADMIN', 'EDITOR']);
      }
      // ADMIN only, using the same exact-then-wildcard lookup.
      function userIsAdmin() {
        let roles = getRoles();
        let email = request.auth.token.email;
        let domain = '*@' + email.split('@')[1];
        return (roles[email] == 'ADMIN') || (roles[domain] == 'ADMIN');
      }
    }
  }
}
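In Firestore, add a document at Projects/<yourprojectid> with a value of {roles: {"<your-email-address>": "ADMIN"}}. The key must match the e-mail address of the account you sign in with; per the rules above, a key of the form "*@<domain>" applies the role to every signed-in address at that domain.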
Using Firestore Studio:
- Under "Give the collection an ID", set Collection ID to `Projects`.
- Under "Add its first document", set Document ID to your project ID.
- For the first record, set Field name to `roles` with a Field type of `map`.
- In the map, set the new Field name to your e-mail, Field type to `string` and Field value to `ADMIN`, and save.