database.rules.bolt

// Super-User: isAdmin
isAdmin() {
  auth != null && root["admin"][auth.uid]
}

// Validate a uid against the currently logged in user
isCurrentUser(uid) {
  auth != null && auth.uid == uid
}

// get conference for id
// hardcoded path: /conference/$confid
confById(confid) {
  root["conference"][confid]
}

// get secrets for conference id
// hardcoded path: /secret/$confid
confSecret(confid) {
  root["secret"][confid]
}


// has the user a secret for conference
// hardcoded path: /profile/$userid/secret/$confid
userHasSecret(confid) {
  auth != null &&
    root["profile"][auth.uid] != null &&
    root["profile"][auth.uid].secret != null &&
    root["profile"][auth.uid].secret[confid] != null
}

// get the user a secret for conference
// hardcoded path: /profile/$userid/secret/$confid
userSecret(confid) {
  root["profile"][auth.uid].secret[confid]
}

// Check if current user has a role in a conference
// hardcoded path: /secret/$confid/$role/$usersecret
hasRole(confid, role) {
  auth != null &&
    userHasSecret(confid) &&
    confSecret(confid) != null &&
    confSecret(confid)[role] != null &&
    confSecret(confid)[role][userSecret(confid)] != null
}

// Check if current user is a reviewer
isReviewer(confid) {
  hasRole(confid, "reviewer")
}

// Check for a currently open conference
isConfOpen(confid) {
  confById(confid).cfpFrom < now && confById(confid).cfpTo > now
}

// Simple email validation - not bullet proof
type Email extends String {
  validate() { this.matches(/[\w+-]+@([\w-]+\.)+[\w-]+/i) }
}

type Profile {
  bio: String | Null,
  firstName: String | Null,
  displayName: String | Null,
  email: Email | Null,
  comment: String | Null,
  secret: String[]
}

type Conference {
  name: String,
  description: String,
  cfpFrom: Number,
  cfpTo: Number,
  dateFrom: Number | Null,
  dateTo: Number | Null,
  topics: String | Null,
  logo: String | Null,
  url: String | Null,
  instructionsUrl: String | Null,
  where: String | Null,
  durations: String[],
  write() { isAdmin() }
  read() { true }
}

type Proposal {
  speaker: String,
  title: String,
  abstract: String,
  duration: Number | Null,
  comment: String | Null,
}

path /admin is Boolean[] {
  write() { isAdmin() }
  read() { isAdmin() }
}

path /conference {
  read() { true }
}

path /secret {
  write() { isAdmin() }
  read() { isAdmin() }
}

path /profiles {
  read() { true }
  write() { true }
}

path /conference/{conf} is Conference;

path /profile {
  read() { isAdmin() }
  write() { isAdmin() }
}

path /profile/{uid} is Profile {
  read() { isCurrentUser(uid) }
  write() { isCurrentUser(uid) }
}

// Admin can read and write all proposals
// for any conference
path /proposal {
  read() { isAdmin() }
  write() { isAdmin() }
}

// a reviewer can always read and list the proposals of a conf
path /proposal/{conf} {
  read() { isReviewer(conf) }
}

// a user can always read and list their proposals
// a user can change, add or delete their proposals as long as open
path /proposal/{conf}/{uid} {
  read() { isCurrentUser(uid) }
  write() { isConfOpen(conf) && isCurrentUser(uid) }
}

// During opening time everyone can create
// During opening time only the author can change
// Only the author or a reviewer can read
path /proposal/{conf}/{uid}/{id} is Proposal;

// a reviewer can see and update their reviews
path /review/{conf}/{uid} {
  read() { isAdmin() || (isReviewer(conf) && isCurrentUser(uid)) }
  write() { isAdmin() || (isReviewer(conf) && isCurrentUser(uid)) }
}

// admin can see and create speaker reviews
path /speaker-review {
  read() { isAdmin() }
  write() { isAdmin() }
}