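service cloud.firestore {
  match /databases/{database}/documents {

    // --- Helpers ----------------------------------------------------------
    // All helpers are declared inside this match so that $(database) is bound.
    // The originals sat at global scope, where the match variable is not
    // available to exists()/get() paths.

    // Caller is signed in. Tested on request.auth rather than request.auth.uid
    // so an anonymous request evaluates to false instead of erroring.
    function isSignedIn() {
      return request.auth != null;
    }

    // The caller's own profile document. Repeated get()/exists() on the same
    // path within one evaluation are served from the rules cache.
    function callerProfile() {
      return get(/databases/$(database)/documents/user/$(request.auth.uid));
    }

    // True when the caller already has a profile document.
    // The original looked under /users/, a collection no match block in this
    // file serves; /user/ is what hasRoleOf() and the match below use.
    function documentIdExists() {
      return isSignedIn()
        && exists(/databases/$(database)/documents/user/$(request.auth.uid));
    }

    // True when the stored document's userId field is the caller's uid.
    function userExistsInDocument() {
      return isSignedIn() && resource.data.userId == request.auth.uid;
    }

    // True when the stored document's email field equals the caller's token
    // email. This was a second function also named userExistsInDocument,
    // which redefined the helper above; renamed so both stay callable.
    function userEmailMatches() {
      return isSignedIn() && resource.data.email == request.auth.token.email;
    }

    // Caller's profile has roles[role] == true. Each step is guarded so a
    // missing profile, missing roles map or missing key denies cleanly
    // instead of raising an evaluation error.
    function hasRoleOf(role) {
      return documentIdExists()
        && 'roles' in callerProfile().data
        && role in callerProfile().data.roles
        && callerProfile().data.roles[role] == true;
    }

    // Caller's profile roles map contains at least one of the given keys.
    // The original read request.resource.data, which is the *incoming* write
    // payload: it is absent on reads (so the read rule below errored and
    // denied everyone) and is client-controlled on writes, so it cannot be
    // used to authorise. It also compared with `== false`, inverting the
    // meaning of the name. Note this checks key presence only: revoke a role
    // by deleting the key, not by setting it to false.
    function isOneOfTheseRoles(roles) {
      return documentIdExists()
        && 'roles' in callerProfile().data
        && callerProfile().data.roles.keys().hasAny(roles);
    }

    // --- Catalogue collections: public read, any signed-in user may write.
    // `write` already covers create, update and delete; the original listed
    // all three, which is redundant.
    match /beer/{beerId} {
      allow read;
      allow write: if isSignedIn();
    }

    match /beerOnTap/{beerTapId} {
      allow read;
      allow write: if isSignedIn();
    }

    // --- Profile documents. The roles map is authorisation data and may only
    // be written by an admin via update. The original allowed any signed-in
    // user to create any /user/{userId} document with an arbitrary roles map,
    // i.e. to grant themselves admin and then pass hasRoleOf('admin').
    match /user/{userId} {
      allow read: if isOneOfTheseRoles(['admin', 'editor']);
      // Own document only, and no roles on creation. Bootstrapping the first
      // admin has to happen outside rules (console or Admin SDK).
      allow create: if isSignedIn()
        && request.auth.uid == userId
        && !('roles' in request.resource.data);
      allow update, delete: if hasRoleOf('admin') == true;
    }
  }
}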