rules_version = '2';

service cloud.firestore {
  match /databases/{database}/documents {

    match /users/{userId} {
      allow read;
    }

    match /private-users/{userId} {
      allow read: if resource.data.creatorId == request.auth.uid;
    }

    match /contracts/{contractId} {
      allow read;
      allow update: if resource.data.creatorId == request.auth.uid && request.resource.data.diff(resource.data).affectedKeys()
        .hasOnly(['description']);
      allow delete: if resource.data.creatorId == request.auth.uid;
    }

    match /contracts/{contractId}/bets/{betId} {
      allow read;
    }

    match /{somePath=**}/bets/{betId} {
      allow read;
    }

    match /contracts/{contractId}/comments/{commentId} {
      allow read;
      allow create: if request.auth != null;
    }

    match /{somePath=**}/comments/{commentId} {
      allow read;
    }

    match /folds/{foldId} {
      allow read;
      allow update: if request.auth.uid == resource.data.curatorId;
    }
  }
}