feat: adopt security rules around emails

firestore.rules

@@ -0,0 +1,13 @@
+rules_version = '2';
+service cloud.firestore {
+  match /databases/{database}/documents {
+    // Allow read and write access to all documents except the 'emails' collection
+
+    match /{collectionId}/{document=**} {
+      // Allow read to all documents
+      allow read: if true;
+      // Do not allow write to emails collection
+      allow write: if collectionId != 'emails';
+    }
+  }
+}

firestore.rules.WiP

@@ -1,32 +0,0 @@
-// WiP - CC - 2020-02-24
-// As part of future security update will make better use of firestore rules, as stubbed out below
-// Note - will also need to include any legacy revisions as required
-
-service cloud.firestore {
-	// rules will apply to all docs in database
-  match /databases/{database}/documents {
-    // Function to check whether request user has specific permission set in user database
-    function hasUserRole(username,role){
-      // TODO - look up a profile to see if the user has specific role (e.g. admin)
-      // NOTE - this is not currently possible as the username is not sent with a request
-      // but could be made possible by setting the firebase auth name to the username
-      // and ensuring all users had a userRoles property
-      // NOTE 2 - possible code below but would need testing (https://firebase.google.com/docs/reference/rules/rules.List)
-      // return role in get(/databases/$(database)/documents/v3_users/$(username)).data.userRoles
-      return true
-    }
-		// Function to check if request to modify a document is by the auth owner
-    function isSameUser(username){
-      return get(/databases/$(database)/documents/v3_users/$(username)).data._authID==request.auth.uid
-    }
-    match /v3_users/{username} {
-    allow read, write: if hasUserRole('admin')
-    allow read,write
-    }
-		// users can read/write their own user docs    
-    match /v3_users/{username} {
-    allow read, write: if isSameUser(username)
-    }
-	}
-}
-