// Schema for the record stored at /users/{uid}.
// NOTE(review): uid is only typed as a String here; nothing in this type or in the
// /users/{uid} path compares it with the path key or with auth.uid — confirm whether
// that binding is enforced elsewhere.
type User {
  displayName: String,
  email: String,
  photoURL: String,
  uid: String,
  // Optional fields: may be absent (Null).
  billingAddress: String | Null,
  shippingAddress: String | Null,
  // NOTE(review): Object places no constraint on the shape of what is stored here,
  // and the owner of the record can write it — treat the contents as client-supplied.
  orders: Object | Null,
}
// Privilege flags stored at /roles/{uid}. isAdmin() and isManager() read these
// two fields to authorize the rest of the rules, so this node is security-critical.
type Role {
  isAdmin: Boolean,
  isManager: Boolean,
}
// Schema for a catalogue entry stored at /products/{id}.
type Product {
  name: String,
  description: String,
  image: String,
  // NOTE(review): any Number is accepted; no lower bound (e.g. price >= 0) is
  // validated in this file.
  price: Number,
}
// Schema for a shopping cart stored at /cart/{uid}; also the base type of Order.
// NOTE(review): the values are unconstrained Numbers (zero, negative or fractional
// quantities would pass) and the keys are not checked against /products — confirm
// that quantities are validated wherever orders are fulfilled.
type Cart {
  quantities: Number[],
}
// Schema for an order stored at /orders/{id}: the Cart fields plus ownership,
// destination and state.
type Order extends Cart {
  // Owner of the order; the /orders/{id} rules compare it with auth.uid.
  uid: String,
  shippingAddress: String,
  // NOTE(review): free-form String. The order's creator supplies the initial value,
  // so consider validating it against the set of states the application expects.
  status: String,
}
// Collection level: only admins may read the whole user list. No write is granted
// here; writes are granted per record by /users/{uid}.
path /users {
  read() { isAdmin() }
  write() { false }
}
// Per-user record, validated against the User type. The owner or an admin may
// create, read and update it; only an admin may delete it.
// NOTE(review): Realtime Database read/write grants apply to the whole subtree, so
// the update() grant below also covers /users/{uid}/email and
// /users/{uid}/orders/{id}. A deeper write rule cannot revoke it; only validate()
// conditions can restrict what a granted write may store.
path /users/{uid} is User {
  create() { isCurrentUser(uid) || isAdmin() }
  read() { isCurrentUser(uid) || isAdmin() }
  update() { isCurrentUser(uid) || isAdmin() }
  delete() { isAdmin() }
}
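// The stored e-mail address is meant to be immutable once it has been set.
// `update() { false }` alone does not achieve that: the update() grant on
// /users/{uid} already covers this child, and write grants cannot be revoked by a
// deeper rule. validate() conditions must hold for every client write regardless of
// which rule granted it, so immutability is enforced there: the value may be set
// when none existed before, and afterwards only rewritten with the same value.
// This applies to admins as well, matching the original "nobody may update" intent.
path /users/{uid}/email {
  update() { false }
  validate() { prior(this) === null || this === prior(this) }
}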
// Intended to make entries under a user's orders read-only once written.
// NOTE(review): this rule only declines to add a grant. The update() grant on
// /users/{uid} (owner or admin) already covers this subtree and cannot be revoked
// here, so the owner can still rewrite these entries. Enforcing immutability needs
// a validate() condition; its exact form depends on the shape of the stored
// entries, which User.orders (Object | Null) does not define — confirm and add.
path /users/{uid}/orders/{id} {
  update() { false }
}
// Collection level: only admins may read the full role table. No write is granted
// here; role writes are granted per record by /roles/{uid}.
path /roles {
  read() { isAdmin() }
  write() { false }
}
// Per-user role record, validated against the Role type. A user may read their own
// flags; only an admin may write them, so a client cannot grant itself a role.
// NOTE(review): because write() requires an existing admin, the first admin record
// presumably has to be provisioned outside these rules — confirm how that is done
// and who can do it.
path /roles/{uid} is Role {
  read() { isAdmin() || isCurrentUser(uid) }
  write() { isAdmin() }
}
// Catalogue root: readable by anyone, including unauthenticated clients. No write
// is granted here; product writes are granted per entry by /products/{id}.
path /products {
  read() { true }
  write() { false }
}
// Single catalogue entry, validated against the Product type. Public read;
// managers and admins may create and update; only admins may delete.
path /products/{id} is Product {
  create() { isManager() || isAdmin() }
  read() { true }
  update() { isManager() || isAdmin() }
  delete() { isAdmin() }
}
// A user's cart, validated against the Cart type. Only the owner may create, read
// or update it. Admins are additionally allowed to delete it, but get no read
// access from this rule.
path /cart/{uid} is Cart {
  create() { isCurrentUser(uid) }
  read() { isCurrentUser(uid) }
  update() { isCurrentUser(uid) }
  delete() { isCurrentUser(uid) || isAdmin() }
}
// Collection level: managers and admins may read all orders. No write rule is
// declared here, so writes are only granted by the per-order rules.
path /orders {
  read() { isManager() || isAdmin() }
}
// Single order, validated against the Order type.
// - create: allowed when the uid field of the order being written equals the
//   caller's auth.uid, so a client can only create orders in its own name.
// - read: the order's owner, a manager or an admin.
// - update: not granted at this level; /orders/{id}/status grants the only
//   in-place change.
// - delete: admins only.
path /orders/{id} is Order {
  create() { isCurrentUser(this.uid) }
  read() { isCurrentUser(this.uid) || isManager() || isAdmin() }
  update() { false }
  delete() { isAdmin() }
}
// Status field of an order. The owner of the enclosing order may set it when it
// does not exist yet; afterwards only a manager may change it.
// NOTE(review): update() checks isManager() only. An admin who is not also a
// manager cannot change the status, unlike other rules that accept either role —
// confirm this is intended.
// NOTE(review): delete() { false } only declines a grant at this level; the admin
// delete grant on /orders/{id} still removes the status together with the order.
path /orders/{id}/status {
  create() { isCurrentUser(this.parent().uid) }
  update() { isManager() }
  delete() { false }
}
// True when the request is authenticated and the caller's auth.uid equals the given
// uid. The null check comes first so auth.uid is never read on an unauthenticated
// request.
isCurrentUser(uid) { auth !== null && auth.uid === uid }
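// True when the request is authenticated and the caller's role record had
// isAdmin set before this write. prior() reads the pre-write state, so a write
// cannot authorize itself by setting the flag in the same operation.
// The flag is compared with true explicitly so that a caller without a role record
// (lookup yields null) produces a plain false instead of a non-boolean operand.
isAdmin() { auth !== null && prior(root.roles[auth.uid].isAdmin) === true }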
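// True when the request is authenticated and the caller's role record had
// isManager set before this write. prior() reads the pre-write state, so a write
// cannot authorize itself by setting the flag in the same operation.
// The flag is compared with true explicitly so that a caller without a role record
// (lookup yields null) produces a plain false instead of a non-boolean operand.
isManager() { auth !== null && prior(root.roles[auth.uid].isManager) === true }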