@blinkk/root-cms
TypeScript icon, indicating that this package has built-in type declarations

1.3.14 • Public • Published

Setting up Firestore

Firestore must be setup as Native Mode and not Datastore Mode

Firestore read/writes will need to be locked down by adding the following to the security rules (in Firebase's Firestore UI):

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if false;
    }

    match /Projects/{project} {
      allow write:
        if isSignedIn() && userIsAdmin();
      allow read:
        if isSignedIn() && userCanRead();

      match /{collection}/{document=**} {
        allow write:
          if isSignedIn() && userCanWrite();
        allow read:
          if isSignedIn() && userCanRead();
      }

      function isSignedIn() {
        return request.auth != null;
      }

      function getRoles() {
        return get(/databases/$(database)/documents/Projects/$(project)).data.roles;
      }

      function userCanRead() {
        let roles = getRoles();
        let email = request.auth.token.email;
        let domain = '*@' + email.split('@')[1];
        return (roles[email] in ['ADMIN', 'EDITOR', 'VIEWER']) || (roles[domain] in ['ADMIN', 'EDITOR', 'VIEWER']);
      }

      function userCanWrite() {
        let roles = getRoles();
        let email = request.auth.token.email;
        let domain = '*@' + email.split('@')[1];
        return (roles[email] in ['ADMIN', 'EDITOR']) || (roles[domain] in ['ADMIN', 'EDITOR']);
      }

      function userIsAdmin() {
        let roles = getRoles();
        let email = request.auth.token.email;
        let domain = '*@' + email.split('@')[1];
        return (roles[email] == 'ADMIN') || (roles[domain] == 'ADMIN');
      }
    }
  }
}

In Firestore, add a document at Projects/<yourprojectid> with a value of {roles: {"youremail@yourdomain.tld": "ADMIN"}}.

Using Firestore Studio:

  • Under Give the collection an ID, set Collection ID to Projects
  • Under Add its first document set Document ID to your project ID
  • For the first record set Field name to roles with a Field type of map
  • In the map set the new Field name to your e-mail, Field type to string and Field value to ADMIN and save.

Dependents (0)

Package Sidebar

Install

npm i @blinkk/root-cms

Weekly Downloads

967

Version

1.3.14

License

MIT

Unpacked Size

15.2 MB

Total Files

24

Last publish

Collaborators

  • jeremydw
  • uxder-blinkk
  • zoramite
  • stevenle