rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /users/{user} {

    	function isUser(rsc) {
        return rsc.id == request.auth.uid
      }

      function isAdmin() {
        return get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role == 'admin'
      }

      allow create: if request.resource.id == request.auth.uid;
      allow list: if isUser(resource) || isAdmin();
      allow write: if isUser(resource) || isAdmin();
      allow read: if request.auth.uid != null;
    }

    match /guest/{guestId} {
      allow read: if true;
      allow write: if request.auth.uid != null;
    }
    match /songs/{song} {
      allow read: if request.auth.uid != null;
      allow write: if request.auth.uid != null;
    }
    match /songs/{song}/files/{file} {
      allow read: if request.auth.uid != null;
      allow write: if request.auth.uid != null;
    }
    match /shows/{show} {
      allow read: if request.auth.uid != null;
      allow write: if request.auth.uid != null;
    }
    match /shows/{show}/songs/{song} {
      allow read: if request.auth.uid != null;
      allow write: if request.auth.uid != null;
    }

    match /global/{global} {
      allow read: if request.auth.uid != null;
      allow write: if request.auth.uid != null;
    }

  }
}