fix: review security rules

devlille · Jan 27, 2024 · 208e704 · 208e704
1 parent 5cac276
commit 208e704
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 20 deletions.
diff --git a/firestore.cloudnord.rules b/firestore.cloudnord.rules
@@ -2,11 +2,11 @@ rules_version = '2';
 service cloud.firestore {
   match /databases/{database}/documents {
     match /companies-2023/{companyId} {
-      allow list, update: if isGdgLille() || notUpdating('name');
+      allow list, update: if isAdministrator() || notUpdating('name');
       allow create, get: if true;
     }
     match /companies-2024/{companyId} {
-      allow list, update: if isGdgLille() || notUpdating('name');
+      allow list, update: if isAdministrator() || notUpdating('name');
       allow create, get: if true;
     }
     match /workflows/{workflowId} {
@@ -15,7 +15,7 @@ service cloud.firestore {
     }
     match /configuration/{configurationId} {
       allow get: if true;
-      allow update: if isGdgLille();
+      allow update: if isAdministrator();
     }
   }
 }
@@ -27,6 +27,6 @@ function notUpdating(field) {
 function isOwner(companyId) {
     return request.auth.token.email in resource.data.email;
 }
-function isGdgLille() {
-    return request.auth.token.email.matches(".*@gdglille.org")
+function isAdministrator() {
+    return request.auth.token.email.matches(".*@cloudnord.fr")
 }
diff --git a/firestore.devfest.rules b/firestore.devfest.rules
@@ -2,11 +2,11 @@ rules_version = '2';
 service cloud.firestore {
   match /databases/{database}/documents {
     match /companies-2023/{companyId} {
-      allow list, update: if isGdgLille() || notUpdating('name');
+      allow list, update: if isAdministrator() || notUpdating('name');
       allow create, get: if true;
     }
     match /companies-2024/{companyId} {
-      allow list, update: if isGdgLille() || notUpdating('name');
+      allow list, update: if isAdministrator() || notUpdating('name');
       allow create, get: if true;
     }
     match /workflows/{workflowId} {
@@ -15,7 +15,7 @@ service cloud.firestore {
     }
     match /configuration/{configurationId} {
       allow get: if true;
-      allow update: if isGdgLille();
+      allow update: if isAdministrator();
     }
   }
 }
@@ -27,6 +27,6 @@ function notUpdating(field) {
 function isOwner(companyId) {
     return request.auth.token.email in resource.data.email;
 }
-function isGdgLille() {
+function isAdministrator() {
     return request.auth.token.email.matches(".*@gdglille.org")
 }
diff --git a/storage.cloudnord.rules b/storage.cloudnord.rules
@@ -13,19 +13,19 @@ service firebase.storage {
       match /facture {
      		match /{allPaths=**} {
         	allow read: if true;
-      		allow write: if isGdgLille();
+      		allow write: if isAdministrator();
     		}
   		}
       match /flyers {
      		match /{allPaths=**} {
         	allow read: if true;
-      		allow write: if isGdgLille();
+      		allow write: if isAdministrator();
     		}
   		}
       match /devis {
      		match /{allPaths=**} {
       		allow read: if true;
-      		allow write: if isGdgLille();
+      		allow write: if isAdministrator();
     		}
   		}
       match /conventionSigned {
@@ -43,12 +43,12 @@ service firebase.storage {
       match /convention {
      		match /{allPaths=**} {
         	allow read: if true;
-      		allow write: if isGdgLille();
+      		allow write: if isAdministrator();
     		}
   		}
 
   }
 }
-function isGdgLille() {
-    return request.auth.token.email.matches(".*@gdglille.org")
+function isAdministrator() {
+    return request.auth.token.email.matches(".*@cloudnord.fr")
 }
diff --git a/storage.devfest.rules b/storage.devfest.rules
@@ -13,19 +13,19 @@ service firebase.storage {
       match /facture {
      		match /{allPaths=**} {
         	allow read: if true;
-      		allow write: if isGdgLille();
+      		allow write: if isAdministrator();
     		}
   		}
       match /flyers {
      		match /{allPaths=**} {
         	allow read: if true;
-      		allow write: if isGdgLille();
+      		allow write: if isAdministrator();
     		}
   		}
       match /devis {
      		match /{allPaths=**} {
       		allow read: if true;
-      		allow write: if isGdgLille();
+      		allow write: if isAdministrator();
     		}
   		}
       match /conventionSigned {
@@ -43,12 +43,12 @@ service firebase.storage {
       match /convention {
      		match /{allPaths=**} {
         	allow read: if true;
-      		allow write: if isGdgLille();
+      		allow write: if isAdministrator();
     		}
   		}
 
   }
 }
-function isGdgLille() {
+function isAdministrator() {
     return request.auth.token.email.matches(".*@gdglille.org")
 }