rules_version = '2';

// Cloud Storage rules: an invoice PDF is readable only by the user named in
// its path, and no client may write anywhere in the bucket.
service firebase.storage {
  match /b/{bucket}/o {

    // True only for a signed-in caller whose uid equals `userId`.
    // The null test comes first so that request.auth.uid is never
    // evaluated for an unauthenticated request.
    function isOwner(userId) {
      return request.auth != null && request.auth.uid == userId;
    }

    // Object layout: /invoices/{userId}/{invoiceId}/{fileName}
    // Assumes the backend stores each invoice under the owner's Firebase Auth
    // uid; the path segment is the only ownership signal checked here.
    match /invoices/{userId}/{invoiceId}/{fileName} {
      // `read` covers both get and list; both are limited to the owner.
      allow read: if isOwner(userId);

      // Client SDK uploads, overwrites and deletes are all refused.
      // Writes are expected to come from the backend through the Admin SDK,
      // which is not subject to these rules.
      // NOTE(review): download URLs that carry a token, and signed URLs
      // issued server-side, are also not evaluated against these rules;
      // confirm how invoice links are handed to clients.
      allow write: if false;
    }

    // Explicit deny for every other path. Access is already denied when no
    // allow matches, and an allow in a more specific match still applies, so
    // this states the default rather than overriding the invoice rule.
    match /{allPaths=**} {
      allow read, write: if false;
    }
  }
}