rules_version = '2';

// Cloud Storage security rules.
//
// Rules are additive: a request is allowed as soon as ANY matching `allow`
// statement evaluates to true. A later block cannot revoke access granted by
// an earlier one.
service firebase.storage {
  match /b/{bucket}/o {

    // ---- Helper functions ------------------------------------------------

    // True when the request carries a Firebase Auth token.
    // NOTE(review): this says nothing about who the user is. If anonymous
    // sign-in is enabled for the project, anonymous users pass this check too.
    function isAuthenticated() {
      return request.auth != null;
    }

    // True when the signed-in user's uid equals the {userId} path segment.
    function isOwner(userId) {
      return request.auth != null && request.auth.uid == userId;
    }

    // Upload check for images: strictly under 5 MiB and a declared content
    // type beginning with "image/".
    // NOTE(review): contentType is metadata sent by the client, not derived
    // from the file bytes, and 'image/.*' also admits image/svg+xml, which
    // can carry script. Consider an explicit allow-list of image types for
    // paths that are publicly readable.
    function isValidImage() {
      let maxImageBytes = 5 * 1024 * 1024; // 5MB max
      return request.resource.size < maxImageBytes
          && request.resource.contentType.matches('image/.*');
    }

    // Upload check for generic files: strictly under 10 MiB. The content
    // type is not restricted.
    function isValidFile() {
      let maxFileBytes = 10 * 1024 * 1024; // 10MB max
      return request.resource.size < maxFileBytes;
    }

    // ---- User profile images ---------------------------------------------
    // World-readable; only the owning user may upload or remove.
    //
    // Uploads are written as `create, update` rather than `write`: `write`
    // also covers delete, where request.resource is null and the validation
    // helper cannot evaluate, so deletes were only ever granted by the
    // separate delete rule. Effective permissions are unchanged.
    match /users/{userId}/profile/{fileName} {
      allow read: if true; // Public read
      allow create, update: if isOwner(userId) && isValidImage();
      allow delete: if isOwner(userId);
    }

    // ---- Project logos ---------------------------------------------------
    // World-readable.
    // NOTE(review): {projectId} is not used in any condition below, so every
    // signed-in user can replace or delete the logo of every project.
    // Confirm whether project membership should be required here.
    match /projects/{projectId}/logo/{fileName} {
      allow read: if true; // Public read
      allow create, update: if isAuthenticated() && isValidImage();
      allow delete: if isAuthenticated();
    }

    // ---- Project files (private) -----------------------------------------
    // NOTE(review): "private" is enforced only as "signed in". {projectId}
    // is not checked, so any authenticated user can read, overwrite, or
    // delete files under any project. Confirm the intended access model
    // before relying on this path for confidential data.
    match /projects/{projectId}/files/{allPaths=**} {
      allow read: if isAuthenticated();
      allow create, update: if isAuthenticated() && isValidFile();
      allow delete: if isAuthenticated();
    }

    // ---- Everything else -------------------------------------------------
    // Documents the default: paths with no matching allow are denied anyway.
    // Because rules are additive, this block does not restrict the paths
    // matched above.
    match /{allPaths=**} {
      allow read, write: if false;
    }
  }
}