diff --git a/firestore.rules b/firestore.rules
index 01f65c9f..8bbc6bb7 100644
--- a/firestore.rules
+++ b/firestore.rules
@@ -173,19 +173,15 @@ service cloud.firestore {
           allow update: if (request.auth.uid == resource.data.creatorId || isAdmin())
                            && request.resource.data.diff(resource.data)
                            .affectedKeys()
-                           .hasOnly(['name', 'about', 'contractIds', 'memberIds', 'anyoneCanJoin', 'aboutPostId' ]);
-         //allow update: if (request.auth.uid in resource.data.memberIds  || resource.data.anyoneCanJoin)
-           //                && request.resource.data.diff(resource.data)
-             //              .affectedKeys()
-               //            .hasOnly([ 'contractIds', 'memberIds' ]);
+                           .hasOnly(['name', 'about', 'anyoneCanJoin', 'aboutPostId' ]);
           allow delete: if request.auth.uid == resource.data.creatorId;
 
           match /groupContracts/{contractId} {
-              allow write: if isGroupMember();
+              allow write: if isGroupMember() || if request.auth.uid == resource.data.creatorId;
             }
 
           match /groupMembers/{memberId}{
-             allow create: if request.auth.uid == request.resource.data.userId && get(/databases/$(database)/documents/groups/$(groupId)).data.anyoneCanJoin;
+             allow create: if request.auth.uid == resource.data.creatorId || (if request.auth.uid == request.resource.data.userId && get(/databases/$(database)/documents/groups/$(groupId)).data.anyoneCanJoin);
               allow delete: if request.auth.uid == resource.data.userId;
             }