Firestore complex rules

firestore.rules

service cloud.firestore {
  match /databases/{database}/documents {
    match /exercises {
     function getRole(role) {
       return get(/databases/$(database)/documents/users/$(request.auth.uid)).data.roles[role]
      }
      allow read: if getRole('subscriber') == true;
      allow update: if getRole('editor') == true;
      allow create, delete: if getRole('admin') == true;
    }
    match /{document=**} {
      allow read, write: if (request.auth.uid != null);
    }
  }
}