firestore.rules

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /account-owners/{ownerId}{
     allow write: if request.auth.uid == ownerId;

      // In cases of transactions, id like to read and confirm
      // correct account id has been given.
      allow read: if isAuthenticated()

      match /addresses/{addressId} {
        allow read, write: if isAuthenticated();
      }
    }

    match /accounts/{accountId} {
      allow read: if isAuthenticated();

      // Ensure the owner only can make changes to account details
      allow write:if request.auth.uid == resource.data.ownerId
                  && isAuthenticated();

      // Users cannot create new transactions,
      // as this will be done by admin sdk  using cloud functions
      match /transactions/{transactionId} {
        allow read, delete: if isAuthenticated();
      }
    }

    function isAuthenticated() {
      return request.auth.uid != null;
    }
  }
}