database.rules.bolt

path /config {
  read() { isAuthenticated() }
  write() { isBarista() }
}

path /roles {
  read() { isBarista() }
  write() { isBarista() }
}

// Users
path /users {
  read() { isBarista() }
  write() { isBarista() }
}

path /users/{uid} {
  /profile is Profile;
  /roles is UserRoles;
  /importedOrders is Orders;
  /orders is Orders;
}

// Orders
path /orders {
  read() { isBarista() }
  write() { isBarista() }
  index() { [ "status" ] }
}

path /orders/{orderId} {
  write() { isOrderOwner() }
}

type Orders extends Order[] {
  read() { isCurrentUser(uid) }
  write() { isCurrentUser(uid) }
}

type Order {
  // TODO: figure out why $other validate false prevents multipath updates
  // drink: String;
  // temperature: Temperature;
}

type Profile {
  read() { isCurrentUser(uid) }
  write() { isCurrentUser(uid) }
}

type UserRoles {
  read() { isCurrentUser(uid) }
}

type PhoneNumber extends String {
  write() { isCurrentUser(uid) }
}

type UpdateProfile extends Boolean {
  write() { isCurrentUser(uid) }
}

type Temperature extends String {
  validate() { this == 'Hot' || this == 'Iced' }
}

isAuthenticated() { auth != null }
isCurrentUser(uid) { auth != null && auth.uid == uid }
isOrderOwner() { auth != null && auth.uid == newData.child('uid').val() && root['roles/user/' + auth.uid] != null }
isBarista() { auth != null && root['roles/barista/' + auth.uid] != null }