firestore.rules

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // This rule allows anyone on the internet to view, edit, and delete
    // all data in your Firestore database. It is useful for getting
    // started, but it is configured to expire after 30 days because it
    // leaves your app open to attackers. At that time, all client
    // requests to your Firestore database will be denied.
    //
    // Make sure to write security rules for your app before that time, or else
    // your app will lose access to your Firestore database
    //match /{document=**} {
    //  allow read, write: if request.time < timestamp.date(2020, 4, 21);
    //}
    
    match /users/{userId} {
      allow read, update: if request.auth.uid != null && request.auth.uid == userId;
    	allow create: if request.auth.uid != null;
    }
    
    match /products/{productId} {
      allow create,update,delete: if request.auth.uid != null;
    	allow read: if true;
    }
  }
}