firestore.rules

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Function available for all collections

    // Checks that request is coming from an authenticated user
    function isSignedIn() {
      return request.auth != null;
    }

    // Checks that the supplied userID is the same as the logged in one
    function hasID(userID) {
      return request.auth.uid == userID;
    }

    // Checks if user is admin
    function isAdmin() {
      return request.auth.uid in get(/databases/$(database)/documents/roles/admins).data.members;
    }

    // Checks if user is admin
    function isCompany() {
      return request.auth.uid in get(/databases/$(database)/documents/roles/companies).data.members;
    }

    match /global/subjects {
      allow create, update, delete: if isAdmin();
      allow read: if isSignedIn();
    }

    match /availability/{userID} {
      allow create, update, delete: if (isSignedIn() && hasID(userID)) || isAdmin();
      allow read: if isSignedIn();
    }

    match /availability/{userID}/slots/{slot} {
      allow create, update, delete: if (isSignedIn() && hasID(userID)) || isAdmin();
      allow read: if isSignedIn();
    }

    match /jobs/{job} {
      allow create, update, delete: if (isSignedIn() && isCompany()) || isAdmin();
      allow read: if isSignedIn();
    }

    match /postGroups/{group} {
      allow create, update, delete: if isAdmin();
      allow read: if isSignedIn();
    }

    match /posts/{post} {
      allow create, update, delete: if isAdmin();
      allow read: if isSignedIn();
    }

    match /publicProfile/{userID} {
      allow create, update, delete: if isAdmin();
      allow read: if isSignedIn();
    }

    match /roles/{role} {
      allow create, update, delete: if isAdmin();
      allow read: if isSignedIn();
    }

    match /userInfo/{userID} {
      allow create, read: if isSignedIn();
      allow update, delete: if (isSignedIn() && hasID(userID)) || isAdmin();
    }
  }
}