rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    function sameUser(user) {
      return request.auth != null && request.auth.uid == user;
    }
    function getUserData() {
      return get(/databases/$(database)/documents/users/$(request.auth.uid)).data;
    }

    //Felhasználói adatok kezelése
    match /users/{user} {
      allow read, write: if sameUser(user) && request.auth.uid == request.resource.data.author_uid;
    }

    //Adminisztrátoroknak mindent lehet
    match /data/{document=**} {
      allow get, list, create, update, delete: if auth.token.admin;
    }
    //Diákok megnézhetik a tárgy adatait
    match /data/subjects/{subject=**} {
      allow get, list: if request.auth.uid in resource.data.students;
    }
    //Az oktatók módosithatják a követelményeket
    match /data/subjects/{subject}/requirements/{requirement=**} {
      allow read, write: if request.auth.uid in resource.data.teachers;
    }
  }
}