From 885085904522e62852b200508cf1cdc134d50b8d Mon Sep 17 00:00:00 2001
From: Omer Levy <omer88@users.noreply.github.com>
Date: Sun, 11 Mar 2018 18:35:11 +0200
Subject: [PATCH] Hardening Firebase Rules

---
 database.rules.json | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/database.rules.json b/database.rules.json
index c756146..6017ab3 100644
--- a/database.rules.json
+++ b/database.rules.json
@@ -7,7 +7,6 @@
     },
     "admins": {
       ".indexOn": "email",
-      ".write": true,
       ".read": "root.child('admins/'+auth.uid).exists() && root.child('admins/'+auth.uid).child('role').val().matches(/(admin)/)",
       "$uid": {
         ".read": "$uid == auth.uid || root.child('admins/'+auth.uid).exists() || data.child('email').val() == auth.email",
@@ -54,10 +53,7 @@
     "products": {
       ".read": true,
       ".write": "root.child('admins/'+auth.uid).exists() && root.child('admins/'+auth.uid).child('role').val().matches(/(admin)/)",
-      ".indexOn": ["published", "category", "rdateUpdated", "url"],
-      "$p_id": {
-        ".read": "data.child('published').val() == true || root.child('admins/'+auth.uid).exists()"
-      }
+      ".indexOn": ["published", "category", "rdateUpdated", "url"]
     },
     "posts": {
       ".read": true,
@@ -66,7 +62,6 @@
     },
     "users": {
       ".read": "root.child('admins/'+auth.uid).exists() && root.child('admins/'+auth.uid).child('role').val().matches(/(admin)/)",
-      ".write": true,
       "$uid": {
         ".read": "$uid == auth.uid || root.child('admins/'+auth.uid).exists()",
         ".write": "$uid == auth.uid || root.child('admins/'+auth.uid).exists()"