rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /users/{userId} {
allow read: if true;
allow write: if isUserSignedIn() && request.auth.uid == userId;
}
match /contents/{id} {
allow read : if true;
allow create: if isUserSignedIn() && isAdmin();
allow update: if isUserSignedIn() || isAdmin();
allow delete : if isUserSignedIn() && isAdmin();
}
match /categories/{document=**} {
allow read : if true;
allow write: if isUserSignedIn() && isAdmin();
}
match /item_count/{document=**} {
allow read: if true;
allow create, update: if isUserSignedIn() || isAdmin();
}
function isUserSignedIn (){
return request.auth != null;
}
function isAdmin (){
return "admin" in get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role;
}
}
}
