Complete the code to allow read access only if the user is authenticated.
allow read: if request.auth [1] null;
The rule checks that the user is signed in by verifying request.auth != null. This means only authenticated users can read data.
Complete the code to allow write access only if the user's ID matches the data owner ID.
allow write: if request.auth.uid [1] resource.data.ownerId;
This rule allows writes only if the signed-in user's ID matches the owner ID stored in the data, ensuring only owners can modify their data.
Fix the error in the rule that denies all access.
allow read, write: if [1];
Using false denies all access, which is the intended behavior here.
Fill both blanks to allow read access only if the user is authenticated and the document is not marked private.
allow read: if request.auth [1] null && resource.data.private [2] false;
The rule checks that the user is signed in (request.auth != null) and that the document's private field is false, meaning it is public.
Fill all three blanks to allow write access only if the user is authenticated, owns the data, and the new data has a valid status.
allow write: if request.auth [1] null && request.auth.uid [2] resource.data.ownerId && request.resource.data.status [3] ['active', 'pending'];
This rule ensures the user is signed in (!= null), owns the data (== ownerId), and the new status is one of the allowed values (in ['active', 'pending']).