firestore.rules

rules_version = "2";
service cloud.firestore {
  match /databases/{database}/documents {
    
		match /account/{version} {   

			match /accounts/{uid} {
				allow read: if request.auth.uid == uid;
				allow write: if false;
			}

			match /requirements/{uid} {
				allow read: if request.auth != null;
				allow write: if false;
			}
    }

		match /commerce/{version} {  

			match /customers/{uid} {
				allow read: if request.auth.uid == uid;
				allow write: if false;
			}

			match /users/{uid} {
				allow read: if request.auth.uid == uid;
				allow write: if request.auth.uid == uid;

				match /providers/{provider_id} {
					allow read: if request.auth.uid == uid;
					allow write: if false;
				}

				match /orders/{order_id} {
					allow read: if request.auth.uid == uid;
					allow write: if false;
				}
				
				match /shippingAddresses/{shipping_id} {
					allow read: if request.auth.uid == uid;
					allow write: if request.auth.uid == uid;
				}
			}

			match /carts/{uid} {
				allow read: if request.auth.uid == uid;
				allow write: if request.auth.uid == uid;
			}

			match /providerDrafts/{provider_id} {

				function isOwner() {
					return "owner" in get(/databases/$(database)/documents/commerce/$(version)/providers/$(provider_id)/members/$(request.auth.uid)).data.permissions;
				}

				function isEditor() {
					return "write" in get(/databases/$(database)/documents/commerce/$(version)/providers/$(provider_id)/members/$(request.auth.uid)).data.permissions;
				}

				function isViewer() {
					return "read" in get(/databases/$(database)/documents/commerce/$(version)/providers/$(provider_id)/members/$(request.auth.uid)).data.permissions;
				}

				allow read: if request.auth.uid == provider_id || isOwner() || isEditor() || isViewer();
				allow write: if request.auth.uid == provider_id || isOwner() || isEditor();
			}

			match /providers/{provider_id} {

				function isOwner() {
					return "owner" in get(/databases/$(database)/documents/commerce/$(version)/providers/$(provider_id)/members/$(request.auth.uid)).data.permissions;
				}

				function isEditor() {
					return "write" in get(/databases/$(database)/documents/commerce/$(version)/providers/$(provider_id)/members/$(request.auth.uid)).data.permissions;
				}

				function isViewer() {
					return "read" in get(/databases/$(database)/documents/commerce/$(version)/providers/$(provider_id)/members/$(request.auth.uid)).data.permissions;
				}

				allow read: if true;
				allow write: if false;

				match /members/{user_id} {
					allow read: if request.auth.uid == provider_id || isOwner() || isEditor() || isViewer();
					allow write: if request.auth.uid == provider_id || isOwner();
				}	

				match /productDrafts/{product_id} {
					allow read: if request.auth.uid == provider_id || isOwner() || isEditor() || isViewer();
					allow write: if request.auth.uid == provider_id || isOwner() || isEditor();

					match /skus/{sku_id} {
						allow read: if request.auth.uid == provider_id || isOwner() || isEditor() || isViewer();
						allow write: if request.auth.uid == provider_id || isOwner() || isEditor();
					}
				}

				match /products/{product_id} {
					allow read: if true;
					allow write: if false;

					match /skus/{sku_id} {
						allow read: if true;
						allow write: if false;

						match /stocks/{shard_key} {
							allow read: if true;
							allow write: if false;
						}
					}
				}

				match /orders/{order_id} {
					allow read: if request.auth.uid == provider_id || isOwner() || isEditor() || isViewer();
					allow write: if request.auth.uid == provider_id || isOwner() || isEditor();
          
          match /activities/{activity_id} {
            allow read: if request.auth.uid == provider_id || isOwner() || isEditor() || isViewer();
            allow write: if request.auth.uid == provider_id || isOwner() || isEditor();
					}
				}
			}
    }

		match /social/{version} {   

			match /users/{uid} {
				allow read: if true;
				allow write: if request.auth.uid == uid;
			}
    }
  }
}