From c2f993ddf25bd116d394a890481c147d9015b295 Mon Sep 17 00:00:00 2001
From: TrueMilli <61841994+TrueMilli@users.noreply.github.com>
Date: Thu, 2 Jun 2022 01:30:36 +0200
Subject: [PATCH] check id on update (#393)

---
 firestore.rules | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/firestore.rules b/firestore.rules
index feba35d9..e1e82089 100644
--- a/firestore.rules
+++ b/firestore.rules
@@ -45,7 +45,8 @@ service cloud.firestore {
     match /contracts/{contractId} {
       allow read;
       allow update: if request.resource.data.diff(resource.data).affectedKeys()
-        .hasOnly(['description', 'closeTime', 'tags', 'lowercaseTags']);
+        .hasOnly(['description', 'closeTime', 'tags', 'lowercaseTags'])
+        && resource.data.id == request.auth.uid;
       allow update: if isAdmin();
     }