Copy and paste these rules into your Firebase project's Firestore rules editor:
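rules_version = '2';

// Firestore security rules for the challenge game.
// Access is granted when ANY matching `allow` evaluates to true; a rule whose
// condition raises an error (for example by reading a missing field) denies.
// Requests made through the Admin SDK bypass these rules entirely.
service cloud.firestore {
  match /databases/{database}/documents {

    // Vowel Team Challenges Definitions (Read-Only)
    // Anyone, signed in or not, can read; no client can modify.
    match /challenges/{challengeId} {
      allow read: if true;
      // `write` already covers create, update and delete.
      allow write: if false;
    }

    // Overall High Scores (Public Read, Authenticated Conditional Write)
    // NOTE(review): the score is asserted by the client. Any signed-in user can
    // replace the record with any larger number, and fields other than `score`
    // are not validated here. Treat this collection as untrusted display data,
    // or move the write to a trusted backend if leaderboard integrity matters.
    match /highscores/{challengeModeId} {
      allow read: if true;

      // First score for a mode. exists() takes a document path, not a
      // resource, so the "no document yet" case is its own create rule
      // rather than an exists(resource) test.
      allow create: if request.auth != null &&
                       request.resource.data.score is number;

      // An existing record can only be replaced by a strictly higher score.
      allow update: if request.auth != null &&
                       request.resource.data.score is number &&
                       request.resource.data.score > resource.data.score;

      allow delete: if false;
    }

    // User Progress Data (Owner Read/Write)
    // The parent document /userProgress/{userId} has no allow statement of its
    // own, so only the subcollections below are reachable.
    match /userProgress/{userId} {

      // Personal Bests Subcollection
      // Only the signed-in owner (auth uid equal to the path's userId).
      match /challenges/{challengeModeId} {
        allow read: if request.auth != null && request.auth.uid == userId;
        allow create, update: if request.auth != null && request.auth.uid == userId &&
                                 request.resource.data.score is number;
        // A delete carries no request.resource, so the score check above could
        // never pass for it; the denial is stated explicitly instead.
        allow delete: if false;
      }

      // Game Attempts Subcollection
      // Append-only history: the owner may create and read attempts, never
      // change or remove them.
      match /challenges/{challengeModeId}/attempts/{attemptId} {
        allow read: if request.auth != null && request.auth.uid == userId;
        allow create: if request.auth != null && request.auth.uid == userId &&
                         request.resource.data.score is number &&
                         // Enforce server timestamp: the client has to send
                         // serverTimestamp(), a device clock value will not match.
                         request.resource.data.timestamp == request.time &&
                         // Ensure details is a list (its contents are not checked).
                         request.resource.data.details is list;
        allow update, delete: if false;
      }
    }

    // Default Deny Rule
    // Firestore already denies whatever no rule allows; this block makes that
    // explicit and cannot override the allows above.
    match /{document=**} {
      allow read, write: if false;
    }
  }
}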
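Note: Make sure a Firestore database has been created in your Firebase project and that these rules are published. Also make sure Google Sign-in is enabled in Firebase Authentication. The rules check only that the request is authenticated (request.auth != null), not which provider was used, so any other sign-in method enabled in the project will satisfy them as well.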