rules_version = '2'; service firebase.storage { match /b/{bucket}/o { match /users/{userId}/{allPaths=**} { allow read: if request.auth.uid == userId; allow write: if request.auth.uid == userId && request.resource.size < 10 * 1024; allow delete: if request.auth.uid == userId; } match /public/{allPaths=**} { allow read: if true; allow write: if request.auth.token.admin; } } }