From 403df382556a10fc35b85f2a29df2ba2bfafbb59 Mon Sep 17 00:00:00 2001
From: jkluge <92872894+jkluge@users.noreply.github.com>
Date: Thu, 15 May 2025 09:04:07 +0200
Subject: [PATCH] Update firebase_rules.json
---
my-app/firebase_rules.json | 29 ++++++++++++++++-------------
1 file changed, 16 insertions(+), 13 deletions(-)
diff --git a/my-app/firebase_rules.json b/my-app/firebase_rules.json
index 10fc332..1550d1c 100644
--- a/my-app/firebase_rules.json
+++ b/my-app/firebase_rules.json
@@ -3,37 +3,40 @@ // Courses and Metadata "courses": { ".read": true, - ".write": "auth != null && auth.uid === 'adminuid'" + ".write": "auth != null && (auth.uid === '6qKa992eL4fRkGKzp3OG5Sjjk983' || auth.uid === 'wa9HoCfWe2Vpw6J7oiq5oCxNYz52')" }, "metadata": { ".read": true, - ".write": "auth != null && auth.uid === 'adminuid'" + ".write": "auth != null && (auth.uid === '6qKa992eL4fRkGKzp3OG5Sjjk983' || auth.uid === 'wa9HoCfWe2Vpw6J7oiq5oCxNYz52')" }, "departments": { ".read": true, - ".write": "auth != null && auth.uid === 'adminuid'" + ".write": "auth != null && (auth.uid === '6qKa992eL4fRkGKzp3OG5Sjjk983' || auth.uid === 'wa9HoCfWe2Vpw6J7oiq5oCxNYz52')" }, "locations": { ".read": true, - ".write": "auth != null && auth.uid === 'adminuid'" + ".write": "auth != null && (auth.uid === '6qKa992eL4fRkGKzp3OG5Sjjk983' || auth.uid === 'wa9HoCfWe2Vpw6J7oiq5oCxNYz52')" }, // Reviews and Comments "reviews": { ".read": true, "$courseCode": { - "$userID": { - // Only the review owner can write the main review fields (not including comments) - ".write": "auth != null && (auth.uid === $userID)", + "$reviewUserID": { + // Only the original author can write the main review + ".write": "auth != null && (auth.uid === $reviewUserID || data.child('uid').val() === auth.uid || !data.exists())", + ".validate": "newData.hasChildren(['text', 'timestamp']) && + newData.child('text').isString() && + newData.child('text').val().length <= 2501 && + newData.child('timestamp').isNumber()", - // Allow anyone to write a comment + // Allow any signed-in user to write comments under the review "comments": { - ".read": true, + ".write": "auth != null", "$commentId": { - ".write": "auth != null", - ".validate": "newData.hasChildren(['userName', 'text', 'timestamp']) && - newData.child('userName').isString() && + ".validate": "newData.hasChildren(['text', 'userName', 'timestamp']) && newData.child('text').isString() && + newData.child('userName').isString() && 
newData.child('timestamp').isNumber()" } } @@ -41,7 +44,7 @@ } }, - // Users + // User-specific Data "users": { "$userID": { ".read": "auth != null && auth.uid === $userID",
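Review bot: The new `.write` rule under `$reviewUserID` no longer keeps reviews owner-only: the `!data.exists()` branch lets any signed-in user create the first review at a path keyed by someone else's ID, and because `.validate` neither requires a `uid` child nor ties it to the caller, the `data.child('uid').val() === auth.uid` branch then leaves that user in control of the node. If the path key is meant to be the author's UID, the rule can stay `".write": "auth != null && auth.uid === $reviewUserID"`; if the `uid` child is needed, add `newData.child('uid').val() === auth.uid` to `.validate`. Separately, moving `".write": "auth != null"` from `$commentId` up to `comments` lets any signed-in user replace or delete the whole comment list in one write, since deletes are not checked by `.validate`; keeping it on `$commentId` as `".write": "auth != null && !data.exists()"` would limit it to adding new comments. The four admin rules also repeat two literal UIDs, so a custom-claim check such as `auth.token.admin === true` would avoid editing and redeploying the rules whenever the admin set changes.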