@palkerecsenyi
Last active December 11, 2020 19:46
This file gets updated continuously. Please monitor for updates, and change accordingly.
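rules_version = '2';

// Firestore security rules for the users, classrooms and tasks collections.
// Operations not granted by an `allow` below are denied.
service cloud.firestore {
  match /databases/{database}/documents {

    // True when the caller is signed in and their own /users/{uid} document
    // has perms > 0. Every call performs a document lookup through get().
    function isElevated() {
      return request.auth != null
        && get(/databases/$(database)/documents/users/$(request.auth.uid)).data.perms > 0;
    }

    // True when the named field has the same value before and after the write,
    // i.e. the update leaves that field untouched.
    // NOTE(review): both documents are expected to carry the field; confirm how
    // the app behaves for documents where it is absent.
    function checkEquals(index) {
      return resource.data[index] == request.resource.data[index];
    }

    match /users/{user} {
      // A signed-in user may create only their own profile document, and only
      // with perms == 0. The original rule accepted any document id, so one
      // account could create the profile that isElevated() later reads for
      // another uid.
      allow create: if request.auth != null
        && request.auth.uid == user
        && request.resource.data.perms == 0;

      // NOTE(review): every signed-in user can read every profile, including
      // the perms field. Confirm nothing sensitive is stored in these documents.
      allow read: if request.auth != null;

      allow delete: if request.auth != null && request.auth.uid == user;

      // The written document must end with perms == 0, so perms can never be
      // raised from a client.
      // NOTE(review): as written, an elevated caller can reset any other
      // user's perms to 0, and an elevated user cannot edit their own profile
      // without losing perms. If perms is meant to be managed only from
      // trusted server code, compare it with the stored value instead
      // (request.resource.data.perms == resource.data.perms). Left unchanged
      // because the intended policy is not visible here.
      allow update: if request.resource.data.perms == 0
        && (request.auth.uid == user || isElevated());
    }

    match /classrooms/{classroom} {
      allow read: if request.auth != null;
      allow delete: if isElevated();
      allow create: if isElevated();

      // Non-elevated users may update a classroom as long as 'created', 'name'
      // and 'owner' are unchanged.
      // NOTE(review): every other field is writable by any signed-in user, for
      // any classroom. If only members or the owner should write, add that
      // check here; the data model needed to express it is not visible.
      allow update: if isElevated()
        || (request.auth != null
            && checkEquals('created')
            && checkEquals('name')
            && checkEquals('owner'));
    }

    match /tasks/{task} {
      // True when the stored task names the caller as its creator.
      function isCreatedByAuthUser() {
        return resource.data.createdBy == request.auth.uid;
      }

      // NOTE(review): the type == 0 branch has no auth check, so tasks of
      // type 0 are readable without signing in. Confirm that is intended.
      allow read: if resource.data.type == 0 || isCreatedByAuthUser() || isElevated();

      // Non-elevated callers must be signed in, may create only type 1 or 2,
      // and must record themselves as createdBy. The original rule checked
      // neither, so unauthenticated clients could create tasks and createdBy
      // (which the read, update and statusUpdates rules trust) could name
      // any uid.
      allow create: if isElevated()
        || (request.auth != null
            && request.resource.data.createdBy == request.auth.uid
            && (request.resource.data.type == 1 || request.resource.data.type == 2));

      allow delete: if isElevated();

      // 'type' and 'created' are immutable after creation.
      // NOTE(review): 'createdBy' is not pinned, so the creator can hand the
      // task to another uid. Add checkEquals('createdBy') if ownership should
      // be fixed.
      allow update: if (isCreatedByAuthUser() || isElevated())
        && checkEquals('type')
        && checkEquals('created');

      match /statusUpdates/{statusUpdate} {
        allow read: if isElevated();

        // Only the parent task's creator or an elevated user may add a status
        // update. No update or delete is granted, so both are denied.
        allow create: if get(/databases/$(database)/documents/tasks/$(task)).data.createdBy == request.auth.uid
          || isElevated();
      }
    }
  }
}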