From 9da84c85054e3298e35ef575c8fc2b7274ce2017 Mon Sep 17 00:00:00 2001
From: Emmanuel Lodovice
Date: Thu, 15 Nov 2018 02:23:43 +0800
Subject: [PATCH] Set firebase rules and updated pages for access checks
---
 firestore.rules | 22 +++++++++++++++++++---
 public/index.html | 2 +-
 public/js/add-product.js | 15 ++++++++++++++-
 public/js/browse-products.js | 13 ++++++++++++-
 public/js/orders.js | 2 +-
 5 files changed, 47 insertions(+), 7 deletions(-)
diff --git a/firestore.rules b/firestore.rules
index 31eda17..0123ecf 100644
--- a/firestore.rules
+++ b/firestore.rules
@@ -1,7 +1,23 @@
 service cloud.firestore {
 match /databases/{database}/documents {
- match /{document=**} {
- allow read, write;
+ match /tokens/{userId} {
+ allow write: if request.auth.uid == userId;
+ allow read: if false;
+ }
+ match /products/{product} {
+ allow read: if true;
+ allow write: if exists(/databases/$(database)/documents/admins/$(request.auth.uid));
+ }
+ match /admins/{userId} {
+ allow get: if request.auth.uid != null;
+ allow list: if false;
+ allow write: if false;
+ }
+ match /orders/{orderId} {
+ allow read: if request.auth.uid == resource.data.uid || exists(/databases/$(database)/documents/admins/$(request.auth.uid));
+ allow create: if request.auth.uid != null;
+ allow update: if exists(/databases/$(database)/documents/admins/$(request.auth.uid));
+ allow delete: if false;
 }
 }
-}
+}
\ No newline at end of file
diff --git a/public/index.html b/public/index.html
index 0c7e26c..5710c9e 100644
--- a/public/index.html
+++ b/public/index.html
@@ -59,7 +59,7 @@
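Review bot: The `/orders` create rule only requires a signed-in caller and never ties the new document to that caller, so any authenticated user can create an order whose `uid` field names another user (or is absent), and the read rule on the line above then decides ownership from that self-asserted `resource.data.uid`. Bind the owner at creation time: `allow create: if request.auth != null && request.resource.data.uid == request.auth.uid;`. The `/admins` get rule is also wider than the clients need — add-product.js and browse-products.js in this same patch only ever read the document for their own `user.uid` — so `allow get: if request.auth != null && request.auth.uid == userId;` would stop any signed-in user from probing whether arbitrary uids are admins. The `request.auth.uid != null` spelling relies on a null `request.auth` erroring into a deny; `request.auth != null` states the intent directly and reads the same way in the other rules.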

AWESOME SALE

view_headlineSee More - add_circleAdd Product + add_circleAdd Product
diff --git a/public/js/add-product.js b/public/js/add-product.js
index 340fd83..1da8179 100644
--- a/public/js/add-product.js
+++ b/public/js/add-product.js
@@ -89,4 +89,17 @@ function guid() {
 .substring(1);
 }
 return s4() + s4() + '-' + s4() + '-' + s4() + '-' + s4() + '-' + s4() + s4() + s4();
-}
\ No newline at end of file
+}
+
+$(window).on('auth', function(e, user) {
+ if (user) {
+ var adminsCollection = firebase.firestore().collection('admins');
+ adminsCollection.doc(user.uid).get().then(function(snapshot) {
+ if (!snapshot.exists) {
+ window.location = '/';
+ }
+ });
+ } else {
+ window.location = '/';
+ }
+});
\ No newline at end of file
diff --git a/public/js/browse-products.js b/public/js/browse-products.js
index ced7664..dd6232c 100644
--- a/public/js/browse-products.js
+++ b/public/js/browse-products.js
@@ -59,4 +59,15 @@ function browseProducts() {
 }
 }
 
-$(document).ready(browseProducts);
\ No newline at end of file
+$(document).ready(browseProducts);
+
+$(window).on('auth', function(e, user) {
+ if (user) {
+ var adminsCollection = firebase.firestore().collection('admins');
+ adminsCollection.doc(user.uid).get().then(function(snapshot) {
+ if (snapshot.exists) {
+ $('#add-product').removeClass('hide');
+ }
+ });
+ }
+});
\ No newline at end of file
diff --git a/public/js/orders.js b/public/js/orders.js
index 77cb600..91e3654 100644
--- a/public/js/orders.js
+++ b/public/js/orders.js
@@ -72,7 +72,7 @@ function orders(user, isAdmin) {
 '
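Review bot: The admin lookup in the new `$(window).on('auth', …)` handler of add-product.js has no rejection handler, so if `adminsCollection.doc(user.uid).get()` fails (offline, or the `/admins` read being denied) the non-admin redirect never runs and the page stays open; add `}).catch(function() { window.location = '/'; });` after the `.then` so the check fails closed. This redirect is only a UX gate — the `/products` write rule in the firestore.rules hunk of this same patch is what actually stops non-admins from adding products — and a one-line comment such as `// UX only: the /products rule in firestore.rules enforces admin-only writes` would keep a later maintainer from treating it as the control. The same `admins` lookup is repeated verbatim in the browse-products.js hunk; a shared `isAdmin(uid)` helper returning the promise would keep the two in step.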
P ' + cost.toFixed(2) + ' for ' + order.quantity + ' items
' + '

' + order.firstName + ' ' + order.lastName +'

' + '

' + order.address +'

'; - if (isAdmin && order.status) { + if (order.status) { template += '

' + order.status + '

' } template += '';
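Review bot: `order.status`, now rendered for every viewer, is concatenated straight into `template` just like `order.firstName`, `order.lastName` and `order.address` on the context lines above; if `template` is later inserted as HTML (the insertion is outside this hunk), whatever an order document holds is rendered as markup. That matters here because the rules in this same patch let any signed-in user create an `orders` document with arbitrary field contents, and admins read every order, so a crafted order would render into the admin's view. Escape each field before concatenation, for example with a small `escapeHtml` helper or by building nodes with `$('<span>').text(order.status)`, rather than trusting document contents. `orders(user, isAdmin)` starts outside the hunk.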