Implement Firebase Security rules

I need help with implementing Firebase security rules for specific collections of user data. Continuous maintenance is not required for the security rules. I need someone who has experience with administering security for databases like Firebase and can advise me on the best way to protect my data. I'm aiming to make sure user data is secured in the best way possible. I am working on a social media app using firebase firestore, and I need help with securing one collection. I would also like automated firebase security tests written to ensure that all the cases are covered (see: [login to view URL] and [login to view URL]) The collection is friend requests, and is the following structure: Requests { userUID: { allFriends incoming outgoing } } Where: -allFriends is a list of userIds -incoming is a map. Where the key is the incoming userId and it has properties: name, photoUrl, and status -outgoing is a map. Where the key is the incoming userId and it has properties: name, photoUrl, and status This is the logic I believe it should follow. Please let me know if there is any logic flaws here for a secure setup. Sending a friend request: 1. Can always write to outgoing of yourself 2. Can write your UID to incoming of anyone 3. You should not be able to write any UID to your incoming Accepting Friend Request 1. Can write your UID to their allFriends if your UID is in their outgoing 2. Can write their UID to your allFriends if their UID is in your incoming Read: - You can read all of your requests (all friends, incoming and outgoing)