firestore.rules

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /users/{userID} {
    	allow read: if request.auth != null;
      allow create: if request.auth != null && request.auth.uid == request.resource.data.id;
      allow update: if request.auth != null && request.auth.uid == resource.data.id;
    }
    match /books/{bookID} {
      function bookData() {
      	return get(/databases/$(database)/documents/books/$(bookID)).data;
      }
      function readPermission () {
      	return request.auth != null;
      }
      function createPermission () {
      	return request.auth != null;
      }
      function updatePermission () {
      	return request.auth != null &&
      		     request.auth.uid == resource.data.created_by &&
               request.auth.uid == request.resource.data.created_by;
      }
      function createLinePermission (data) {
      	return request.auth != null && request.auth.uid in data.members;
      }
      allow read: if readPermission();
      allow create: if createPermission();
      allow update, delete: if updatePermission();
      match /lines/{lineID} {
        allow read: if readPermission();
      	allow create: if createLinePermission(bookData());
      	allow update, delete: if updatePermission();
      }
    }
    match /book_users/{book_usersID} {
      function bookUsersData() {
      	return get(/databases/$(database)/documents/book_users/$(book_usersID)).data;
      }
      function updatePermission (data) {
      	return (request.auth != null && request.auth.uid in data.members) ||
        				request.resource.data.users[request.auth.uid].role == 'reader'; //debil, reforzar
      }
    	allow read: if request.auth != null;
      allow create: if request.auth != null && request.auth.uid == request.resource.data.created_by;
      allow update: if updatePermission(bookUsersData());
    }
  }
}