firestore.rules

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    match /contacts/{contact} {
      allow create:
        // ensure no extra fields
        if request.resource.data.keys().size() == 3
        // ensure exactly these fields
        && request.resource.data.keys().hasAll(["name", "email", "createdAt"])
        // ensure types are correct
        && request.resource.data.name is string
        && request.resource.data.email is string
        && request.resource.data.createdAt is timestamp
        // reject special string that triggers errors
        && request.resource.data.name != "__reject_submission__";
    }

    match /invitees/{invitee} {
      allow get:
        if invitee != "__reject_request__@example.com"
        && (resource == null || !resource.data.get("inactive", false));
    }

    match /invitations/{code} {
      allow get:
        if (resource == null || !resource.data.get("inactive", false));

      match /rsvps/{rsvp} {
        function attending() {
          return request.resource.data.attending;
        }
        function guests() {
          return request.resource.data.guests;
        }
        function guestsCount() {
          return request.resource.data.guests.size();
        }
        function validEvents(events, itype) {
          return
            (
              (!attending() && events.size() == 0)
              ||
              // Must be kept up to date with values in Gatsby config
              (attending() && (
                (itype == "a" && events.hasOnly(["puja", "haldi", "sangeet", "ceremony", "reception"]))
                || (itype == "psr" && events.hasOnly(["puja", "haldi", "sangeet", "reception"]))
                || (itype == "pr" && events.hasOnly(["puja", "haldi", "reception"]))
                || (itype == "w" && events.hasOnly(["sangeet", "ceremony", "reception"]))
                || (itype == "ow" && events.hasOnly(["ceremony", "reception"]))
                || (itype == "sr" && events.hasOnly(["sangeet", "reception"]))
                || (itype == "r" && events.hasOnly(["reception"]))
              ))
            );
        }
        function validGuest(i, itype) {
          return
            guests()[i].name.trim().size() != 0
            && validEvents(guests()[i].events, itype);
        }
        function validGuests(numInvitedGuests, itype) {
          return
            guestsCount() <= numInvitedGuests
            && validGuest(0, itype)
            && (guestsCount() < 2 || validGuest(1, itype))
            && (guestsCount() < 3 || validGuest(2, itype))
            && (guestsCount() < 4 || validGuest(3, itype))
            && (guestsCount() < 5 || validGuest(4, itype))
            && (guestsCount() < 6 || validGuest(5, itype))
            && (guestsCount() < 7 || validGuest(6, itype))
            && (guestsCount() < 8 || validGuest(7, itype))
            && (guestsCount() < 9 || validGuest(8, itype));
            // should bump this if we ever have more than 9 guests in a party.
        }
        function validGuestsFromInvitation(invitation) {
          return validGuests(
            invitation.numGuests,
            invitation.get("itype", "")
          )
        }
        allow create:
          // ensure fields only include the following
          if request.resource.data.keys().hasOnly(["attending", "guests", "createdAt", "comments"])
          // ensure these required keys are always present
          && request.resource.data.keys().hasAll(["attending", "guests", "createdAt"])
          && attending() is bool
          && request.resource.data.createdAt is timestamp
          && (
            !("comments" in request.resource.data.keys())
            || request.resource.data.comments is string
          )
          && guests() is list
          && guestsCount() > 0
          && validGuestsFromInvitation(get(/databases/$(database)/documents/invitations/$(code)).data);
      }
    }
  }
}