@juanje
Created April 13, 2020 15:36
Example of Rules configuration for Firebase/Firestore
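rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // ---- Helper predicates -------------------------------------------------

    // True when the caller passes isCompany() and their UID is listed in the
    // userIds field of the permissions/admin document.
    // Every evaluation performs a get() on that document.
    // No match block below covers /permissions, so client SDK reads and writes
    // to it are denied by default; the admin list has to be maintained through
    // a path that is not subject to these rules (console / Admin SDK).
    function isAdmin() {
      let adminData = get(/databases/$(database)/documents/permissions/admin).data;
      return isCompany() && request.auth.uid in adminData.userIds;
    }

    // True when the caller is signed in with a *verified* @company.com address.
    //  - matches() tests the whole string against an RE2 pattern, so the dot in
    //    the domain is written as [.]; a bare "." would accept any character in
    //    that position.
    //  - The email claim alone is only as trustworthy as the sign-in provider.
    //    If a provider that does not verify addresses (e.g. email/password
    //    sign-up) is enabled, email_verified is what ties the claim to real
    //    control of the mailbox, so it is required here.
    //  - The explicit null check makes "not signed in" a plain false instead of
    //    an evaluation error.
    function isCompany() {
      return request.auth != null
        && request.auth.token.email_verified == true
        && request.auth.token.email.matches('.*@company[.]com');
    }

    // True when the caller is a company user whose UID equals the given id.
    // Used for collections whose document id is the owner's UID.
    function isOwner(userId) {
      return isCompany() && request.auth.uid == userId;
    }

    // True when the caller is a company user and the stored document's userId
    // field equals their UID. Reads resource.data, i.e. the existing document.
    function isDayOwner() {
      return isCompany() && request.auth.uid == resource.data.userId;
    }

    // True when a document with this id already exists under /days.
    function existsDay(day) {
      return exists(/databases/$(database)/documents/days/$(day));
    }

    // True when the caller is a company user and the stored warning's email
    // field equals the email claim in their token.
    function isWarnOwner() {
      let requestEmail = request.auth.token.email;
      let warningEmail = resource.data.email;
      return isCompany() && requestEmail == warningEmail;
    }

    // True when a document with this id already exists under /warnings.
    function existsWarn(warningId) {
      return exists(/databases/$(database)/documents/warnings/$(warningId));
    }

    // ---- Collection rules --------------------------------------------------

    // NOTE(review): in rules_version '2' a recursive wildcard matches zero or
    // more path segments, so the nested matches below presumably also apply to
    // same-named collections at any depth, not only at the top level. If only
    // top-level collections are intended, confirm in the emulator and consider
    // dropping this wrapper.
    match /{document=**} {

      // Document id is the user's UID. Owner or admin may read; only the owner
      // may write.
      // NOTE(review): `write` covers create, update and delete, and no field of
      // request.resource.data is validated. If user documents carry fields the
      // app trusts elsewhere, restrict them here.
      match /users/{userId} {
        allow read: if isOwner(userId) || isAdmin();
        allow write: if isOwner(userId);
      }

      // Document id is the owning user's UID, same access model as /users.
      match /timetrackings/{timetrackingId} {
        allow read: if isOwner(timetrackingId) || isAdmin();
        allow write: if isOwner(timetrackingId);
      }

      // Readable by the user named in the document's userId field, or an admin.
      // The write condition requires the document not to exist yet, so updates
      // and deletes of existing days are refused.
      // NOTE(review): the userId written into a new day is not compared with
      // request.auth.uid, so the rule does not stop a company user from
      // creating a day attributed to someone else — confirm whether that is
      // intended; if not, add
      //   request.resource.data.userId == request.auth.uid
      match /days/{day} {
        allow read: if isDayOwner() || isAdmin();
        allow write: if isCompany() && !existsDay(day);
      }

      // Any company user may read; only admins may write.
      match /schedulers/{scheduler} {
        allow read: if isCompany();
        allow write: if isAdmin();
      }

      // Admin-only collection.
      match /projects/{projectId} {
        allow read, write: if isAdmin();
      }

      // Readable by the user whose email is stored on the warning, or an admin.
      // Any company user may create a warning under an unused id; there is no
      // update or delete rule, so clients cannot change or remove warnings.
      match /warnings/{warningId} {
        allow read: if isWarnOwner() || isAdmin();
        allow create: if isCompany() && !existsWarn(warningId);
      }
    }
  }
}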