rules_version = '2';

// To deploy: `firebase deploy --only firestore:rules`
service cloud.firestore {
  match /databases/{database}/documents {

    function isAdmin() {
      return request.auth.uid == 'OTd2JFY7LOdvQg2ZQGYLUqrXAiD2' // Austin
        || request.auth.uid == 'czxKSN1Z03Mzu7UqIio3ppM0eDt2' // David
    }

    function isAuthed() {
      return request.auth != null
    }

    match /users/{userId} {
      allow read: if isAuthed();
      allow update: if resource.data.id == request.auth.uid 
        && request.resource.data.diff(resource.data).affectedKeys()
            .hasOnly(['bio', 'bannerUrl', 'website', 'twitterHandle', 'discordHandle']);
    }

    match /private-users/{userId} {
      allow read: if resource.data.id == request.auth.uid || isAdmin();
    }

    match /contracts/{contractId} {
      allow read: if isAuthed();
      allow update: if request.resource.data.diff(resource.data).affectedKeys()
        .hasOnly(['description', 'closeTime', 'tags', 'lowercaseTags']);
      allow update: if isAdmin();
      allow delete: if resource.data.creatorId == request.auth.uid;
    }

    match /{somePath=**}/bets/{betId} {
      allow read: if isAuthed();
    }

    match /{somePath=**}/comments/{commentId} {
      allow read: if isAuthed();
      allow create: if request.auth != null;
    }

    match /{somePath=**}/answers/{answerId} {
      allow read: if isAuthed();
    }

    match /folds/{foldId} {
      allow read: if isAuthed();
      allow update, delete: if request.auth.uid == resource.data.curatorId;
    }

    match /{somePath=**}/followers/{userId} {
      allow read: if isAuthed();
      allow write: if request.auth.uid == userId;
    }
  }
}