Update firebase_rules.json (#147)

jkluge · web-flow · commit d429bea535bb · 2025-05-15T09:05:44.000+02:00
diff --git a/my-app/firebase_rules.json b/my-app/firebase_rules.json
@@ -3,45 +3,48 @@
     // Courses and Metadata
     "courses": {
       ".read": true,
-      ".write": "auth != null && auth.uid === 'adminuid'"
+      ".write": "auth != null && (auth.uid === '6qKa992eL4fRkGKzp3OG5Sjjk983' || auth.uid === 'wa9HoCfWe2Vpw6J7oiq5oCxNYz52')"
     },
     "metadata": {
       ".read": true,
-      ".write": "auth != null && auth.uid === 'adminuid'"
+      ".write": "auth != null && (auth.uid === '6qKa992eL4fRkGKzp3OG5Sjjk983' || auth.uid === 'wa9HoCfWe2Vpw6J7oiq5oCxNYz52')"
     },
     "departments": {
       ".read": true,
-      ".write": "auth != null && auth.uid === 'adminuid'"
+      ".write": "auth != null && (auth.uid === '6qKa992eL4fRkGKzp3OG5Sjjk983' || auth.uid === 'wa9HoCfWe2Vpw6J7oiq5oCxNYz52')"
     },
     "locations": {
       ".read": true,
-      ".write": "auth != null && auth.uid === 'adminuid'"
+      ".write": "auth != null && (auth.uid === '6qKa992eL4fRkGKzp3OG5Sjjk983' || auth.uid === 'wa9HoCfWe2Vpw6J7oiq5oCxNYz52')"
     },
 
     // Reviews and Comments
     "reviews": {
       ".read": true,
       "$courseCode": {
-        "$userID": {
-          // Only the review owner can write the main review fields (not including comments)
-          ".write": "auth != null && (auth.uid === $userID)",
+        "$reviewUserID": {
+          // Only the original author can write the main review
+          ".write": "auth != null && (auth.uid === $reviewUserID || data.child('uid').val() === auth.uid || !data.exists())",
+          ".validate": "newData.hasChildren(['text', 'timestamp']) &&
+                        newData.child('text').isString() &&
+                        newData.child('text').val().length <= 2501 &&
+                        newData.child('timestamp').isNumber()",
 
-          // Allow anyone to write a comment
+          // Allow any signed-in user to write comments under the review
           "comments": {
-            ".read": true,
+            ".write": "auth != null",
             "$commentId": {
-              ".write": "auth != null",
-              ".validate": "newData.hasChildren(['userName', 'text', 'timestamp']) &&
-                            newData.child('userName').isString() &&
+              ".validate": "newData.hasChildren(['text', 'userName', 'timestamp']) &&
                             newData.child('text').isString() &&
+                            newData.child('userName').isString() &&
                             newData.child('timestamp').isNumber()"
             }
           }
         }
       }
     },
 
-    // Users
+    // User-specific Data
     "users": {
       "$userID": {
         ".read": "auth != null && auth.uid === $userID",
