Set firebase rules and updated pages for access checks

firestore.rules

@@ -1,7 +1,23 @@
 service cloud.firestore {
   match /databases/{database}/documents {
-    match /{document=**} {
-      allow read, write;
+    match /tokens/{userId} {
+      allow write: if request.auth.uid == userId;
+      allow read: if false;
+    }
+    match /products/{product} {
+      allow read: if true;
+      allow write: if exists(/databases/$(database)/documents/admins/$(request.auth.uid));
+    }
+    match /admins/{userId} {
+        allow get: if request.auth.uid != null;
+      allow list: if false;
+      allow write: if false;
+    }
+    match /orders/{orderId} {
+        allow read: if request.auth.uid == resource.data.uid || exists(/databases/$(database)/documents/admins/$(request.auth.uid));
+      allow create: if request.auth.uid != null;
+      allow update: if exists(/databases/$(database)/documents/admins/$(request.auth.uid));
+      allow delete: if false;
     }
   }
-}
+}

public/index.html

@@ -59,7 +59,7 @@ <h4>AWESOME SALE</h4>
       <!-- Start Load More -->
       <div class="center-align">
         <a class="waves-effect waves-light btn-large teal darken-2 hide" id="see-more"><i class="material-icons left">view_headline</i>See More</a>
-        <a class="waves-effect waves-light btn-large teal darken-2" href="/add-product.html"><i class="material-icons left">add_circle</i>Add Product</a>
+        <a class="waves-effect waves-light btn-large teal darken-2 hide" href="/add-product.html" id="add-product"><i class="material-icons left">add_circle</i>Add Product</a>
       </div>
       <!-- End Load More -->
     </div>

public/js/add-product.js

@@ -89,4 +89,17 @@ function guid() {
       .substring(1);
   }
   return s4() + s4() + '-' + s4() + '-' + s4() + '-' + s4() + '-' + s4() + s4() + s4();
-}
+}
+
+$(window).on('auth', function(e, user) {
+    if (user) {
+        var adminsCollection = firebase.firestore().collection('admins');
+        adminsCollection.doc(user.uid).get().then(function(snapshot) {
+            if (!snapshot.exists) {
+                window.location = '/';
+            }
+        });
+    } else {
+        window.location = '/';
+    }
+});

public/js/browse-products.js

@@ -59,4 +59,15 @@ function browseProducts() {
     }
 }
 
-$(document).ready(browseProducts);
+$(document).ready(browseProducts);
+
+$(window).on('auth', function(e, user) {
+    if (user) {
+        var adminsCollection = firebase.firestore().collection('admins');
+        adminsCollection.doc(user.uid).get().then(function(snapshot) {
+            if (snapshot.exists) {
+                $('#add-product').removeClass('hide');
+            }
+        });
+    }
+});

public/js/orders.js

@@ -72,7 +72,7 @@ function orders(user, isAdmin) {
                     '<h6>P ' + cost.toFixed(2) + ' for ' + order.quantity + ' items</h6>' +
                     '<p>' + order.firstName + ' ' + order.lastName +'</p>' +
                     '<p>' + order.address +'</p>';
-            if (isAdmin && order.status) {
+            if (order.status) {
                 template += '<p>' + order.status + '</p>'
             }
             template += '</div>';