Rules Example

function isLoggedIn() {
  return request.auth != null;
}

function hasAnyRole(roles) {
  return isLoggedIn() && get(/databases/$(database)/documents/users/$(request.auth.uid)).data.roles.hasAny(roles)
}

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match/users/{userId}{
      allow read:if isLoggedIn();
      allow create,update,delete:if hasAnyRole(['admin']);
    }
    
    
    match/property/{propertyId}{
    	allow read:if isLoggedIn();
      allow create,update,delete:if hasAnyRole(['admin']);
    }
    
    
    match/orders/{ordersId}{
    	allow read,create,write:if isLoggedIn();
      allow create,update,delete:if hasAnyRole(['admin']);
    }
    
    
    match/orders/{ordersId}/invoice/{invoiceId}{
    	allow read,create,write:if isLoggedIn();
      allow create,update,delete:if hasAnyRole(['admin']);
    }
  }
}