firestore.rules

rules_version = '2';
service cloud.firestore {
	function checkGender(gender)
  {
  	return gender == "male" || gender == "female" || gender == "other";
  }

  function checkYear(year)
  {
  	return year > 2021 && year < 2029;
  }

	function validUserData(uid, token, data)
  {
  	return uid == data.uid && checkGender(data.gender) &&
    	data.email == token.email &&
      (!("phone_number" in token) || data.phno == token.phone_number || token.phone_number == "" || token.phone_number == null)  &&
    	 checkYear(data.graduation_year) && data.venue != null && data.venue != "";
  }

  function editingOnlyAllowedFields(allowedFields) {
      let editedKeys = request.resource.data.diff(resource != null ? resource.data : {}).affectedKeys();
      return editedKeys.hasOnly(allowedFields);
  }

  function notEditingFields(fields) {
        let editedKeys = request.resource.data.diff(resource != null ? resource.data : {}).affectedKeys();
        return !editedKeys.hasAny(fields);
    }

  match /databases/{database}/documents {
    match /{document=**} {

      match /users/{user}{
      	allow read: if request.auth.token.admin || request.auth.uid == user;
        allow write: if request.auth.uid == user &&
        	validUserData(request.auth.uid, request.auth.token, request.resource.data) &&
        	notEditingFields(["visited", "emailSent"]);

        allow update: if request.auth.token.mentor && editingOnlyAllowedFields(["visited"]);

      	match /stalls/{id} {
          allow read: if request.auth.uid == user;
          allow create: if request.auth.token.mentor;
        }
      }

      match /mentors/{mentor} {
      	allow read: if request.auth.uid == mentor;
      	allow update: if request.auth.uid == mentor && editingOnlyAllowedFields(["stall"]);
      }

      match /stalls/{stall} {
      	allow read: if request.auth.token.mentor;
        allow list: if request.auth.token.mentor;
      }

      match /venues/venue_list {
        allow read: if request.auth != null;
      }
    }
  }
}