Added support for Firestore security rules (#2010)

This adds support for Google Cloud Firestore security rules.

components.json

@@ -285,6 +285,11 @@
 			"require": "clike",
 			"owner": "simonreynolds7"
 		},
+		"firestore-security-rules": {
+			"title": "Firestore security rules",
+			"require": "clike",
+			"owner": "RunDevelopment"
+		},
 		"flow": {
 			"title": "Flow",
 			"require": "javascript",

components/prism-firestore-security-rules.js

@@ -0,0 +1,35 @@
+Prism.languages['firestore-security-rules'] = Prism.languages.extend('clike', {
+	'comment': /\/\/.*/,
+	'keyword': /\b(?:allow|function|if|match|null|return|rules_version|service)\b/,
+	'operator': /&&|\|\||[<>!=]=?|[-+*/%=]|\b(?:in|is)\b/,
+});
+
+delete Prism.languages['firestore-security-rules']['class-name'];
+
+Prism.languages.insertBefore('firestore-security-rules', 'keyword', {
+	'path': {
+		pattern: /(^|[\s(),])(?:\/(?:[\w\xA0-\uFFFF]+|\{[\w\xA0-\uFFFF]+(?:=\*\*)?\}|\$\([\w\xA0-\uFFFF.]+\)))+/,
+		lookbehind: true,
+		greedy: true,
+		inside: {
+			'variable': {
+				pattern: /\{[\w\xA0-\uFFFF]+(?:=\*\*)?\}|\$\([\w\xA0-\uFFFF.]+\)/,
+				inside: {
+					'operator': /=/,
+					'keyword': /\*\*/,
+					'punctuation': /[.$(){}]/
+				}
+			},
+			'punctuation': /[/]/
+		}
+	},
+	'method': {
+		// to make the pattern shorter, the actual method names are omitted
+		pattern: /(\ballow\s+)[a-z]+(?:\s*,\s*[a-z]+)*(?=\s*[:;])/,
+		lookbehind: true,
+		alias: 'builtin',
+		inside: {
+			'punctuation': /,/
+		}
+	},
+});

examples/prism-firestore-security-rules.html

@@ -0,0 +1,37 @@
+<h2>Full example</h2>
+<pre><code>rules_version = '2';
+service cloud.firestore {
+
+  match /databases/{database}/documents {
+
+    // Returns `true` if the requested post is 'published'
+    // or the user authored the post
+    function authorOrPublished() {
+      return resource.data.published == true || request.auth.uid == resource.data.author;
+    }
+
+    match /{path=**}/posts/{post} {
+
+      // Anyone can query published posts
+      // Authors can query their unpublished posts
+      allow list: if authorOrPublished();
+
+      // Anyone can retrieve a published post
+      // Authors can retrieve an unpublished post
+      allow get: if authorOrPublished();
+    }
+
+    match /forums/{forumid}/posts/{postid} {
+      // Only a post's author can write to a post
+      allow write: if request.auth.uid == resource.data.author;
+    }
+  }
+
+  match /databases/{database}/reviews {
+    // Assign roles to all users and refine access based on user roles
+    match /some_collection/{document} {
+      allow read: if get(/databases/$(database)/reviews/users/$(request.auth.uid)).data.role == "Reader"
+      allow write: if get(/databases/$(database)/reviews/users/$(request.auth.uid)).data.role == "Writer"
+    }
+  }
+}</code></pre>

plugins/autoloader/prism-autoloader.js

@@ -31,6 +31,7 @@
 			"markup-templating"
 		],
 		"fsharp": "clike",
+		"firestore-security-rules": "clike",
 		"flow": "javascript",
 		"glsl": "clike",
 		"gml": "clike",

plugins/show-language/prism-show-language.js

@@ -52,6 +52,7 @@
 		"ejs": "EJS",
 		"erb": "ERB",
 		"fsharp": "F#",
+		"firestore-security-rules": "Firestore security rules",
 		"gcode": "G-code",
 		"gdscript": "GDScript",
 		"gedcom": "GEDCOM",

tests/languages/erlang/atom_feature.test

@@ -9,9 +9,9 @@ foo@_bar
 	["atom", "foo"],
 	["atom", "foo@_bar"],
 	["quoted-atom", "'foo bar'"],
-    ["quoted-atom", "'\\'\\\\'"]
+	["quoted-atom", "'\\'\\\\'"]
 ]
 
 ----------------------------------------------------
 
-Checks for atoms and quoted atoms.
+Checks for atoms and quoted atoms.

tests/languages/firestore-security-rules/comment_feature.test

@@ -0,0 +1,11 @@
+// comment
+
+----------------------------------------------------
+
+[
+	["comment", "// comment"]
+]
+
+----------------------------------------------------
+
+Checks for comments.

tests/languages/firestore-security-rules/keyword_feature.test

@@ -0,0 +1,25 @@
+allow
+function
+if
+match
+null
+return
+rules_version
+service
+
+----------------------------------------------------
+
+[
+	["keyword", "allow"],
+	["keyword", "function"],
+	["keyword", "if"],
+	["keyword", "match"],
+	["keyword", "null"],
+	["keyword", "return"],
+	["keyword", "rules_version"],
+	["keyword", "service"]
+]
+
+----------------------------------------------------
+
+Checks for keywords.

tests/languages/firestore-security-rules/method_feature.test

@@ -0,0 +1,38 @@
+allow read;
+allow read, write: if false;
+allow get, list, update;
+
+----------------------------------------------------
+
+[
+	["keyword", "allow"],
+	["method", [
+		"read"
+	]],
+	["punctuation", ";"],
+
+	["keyword", "allow"],
+	["method", [
+		"read",
+		["punctuation", ","],
+		" write"
+	]],
+	["punctuation", ":"],
+	["keyword", "if"],
+	["boolean", "false"],
+	["punctuation", ";"],
+
+	["keyword", "allow"],
+	["method", [
+		"get",
+		["punctuation", ","],
+		" list",
+		["punctuation", ","],
+		" update"
+	]],
+	["punctuation", ";"]
+]
+
+----------------------------------------------------
+
+Checks for methods.

tests/languages/firestore-security-rules/number_feature.test

@@ -0,0 +1,13 @@
+123
+1.23
+
+----------------------------------------------------
+
+[
+	["number", "123"],
+	["number", "1.23"]
+]
+
+----------------------------------------------------
+
+Checks for numbers.

tests/languages/firestore-security-rules/operator_feature.test

@@ -0,0 +1,31 @@
++ - * / %
+< > <= >= != ==
+! && ||
+
+in is
+
+----------------------------------------------------
+
+[
+	["operator", "+"],
+	["operator", "-"],
+	["operator", "*"],
+	["operator", "/"],
+	["operator", "%"],
+	["operator", "<"],
+	["operator", ">"],
+	["operator", "<="],
+	["operator", ">="],
+	["operator", "!="],
+	["operator", "=="],
+	["operator", "!"],
+	["operator", "&&"],
+	["operator", "||"],
+
+	["operator", "in"],
+	["operator", "is"]
+]
+
+----------------------------------------------------
+
+Checks for operators.