diff --git a/firestore.rules b/firestore.rules
index d57a64061..018550960 100644
--- a/firestore.rules
+++ b/firestore.rules
@@ -40,6 +40,29 @@ service cloud.firestore {
     function isPublic() {
       return 'status' in resource.data && resource.data.status == 'public';
     }
+
+    function updatesToPublic() {
+      return 'status' in request.resource.data && request.resource.data.status == 'public';
+    }
+
+    function priceValid(data) {
+      return 'price' in data && data.price.keys().hasAll(['currency', 'display']);
+      // return 'price' in request.resource.data;
+    }
+
+    function jointResourcesCheckout(requiredFields){
+      return resource.data.keys()
+        .concat(request.resource.data.keys())
+        .hasAll(requiredFields);
+    }
+
+    function isStatusRequest() { return 'status' in request.resource.data }
+    function isPublishRequest() { return request.resource.data.status == 'public' }
+    function isValidPublishRequest() {
+      return
+        jointResourcesCheckout(['title', 'description', 'owner', 'price'])
+        && (priceValid(resource.data) || priceValid(request.resource.data));
+    }
     // //////////////////
 
 		match /sessions/{session} {
@@ -49,11 +72,16 @@ service cloud.firestore {
           ['title', 'owner'],
           ['description', 'type', 'format', 'thumbRef', 'level', 'price', 'activities', 'pillar', 'promo', 'relatedSessions', 'duration', 'when', 'eventId', 'resourceId']
         );
-      allow update: if isOwner(resource.data.owner.uid)
+
+      allow update: if
+        isOwner(resource.data.owner.uid)
         && (
-          !isPublic() ||
-          editOnlyChangesFields(['title', 'description', 'thumbRef', 'level', 'price', 'activities', 'pillar', 'promo', 'relatedSessions', 'duration', 'entryId'])
-        );
+          !isStatusRequest()
+          || !isPublishRequest()
+          || isValidPublishRequest()
+        )
+        && editOnlyChangesFields(['title', 'description', 'thumbRef', 'level', 'price', 'activities', 'pillar', 'promo', 'relatedSessions', 'duration', 'entryId', 'status']);
+
       allow delete: if isOwner(resource.data.owner.uid) && !isPublic();
     }
 
diff --git a/functions/.gitignore b/functions/.gitignore
index e3c46bc3f..10263c112 100644
--- a/functions/.gitignore
+++ b/functions/.gitignore
@@ -6,7 +6,7 @@
 !.eslintrc.js
 
 # Except the test files
-test/**/*.js
+test/*.js
 
 # TypeScript v1 declaration files
 typings/
diff --git a/functions/package.json b/functions/package.json
index 504d41460..f9d8c307d 100644
--- a/functions/package.json
+++ b/functions/package.json
@@ -9,6 +9,7 @@
     "deploy": "firebase deploy --only functions",
     "logs": "firebase functions:log",
     "test": "mocha --exit",
+    "test:dev": "mocha --watch",
     "_comment": "use the 'getCustomConfig' to retrieve config which will also includes stripe token",
     "getCustomConfig": "firebase functions:config:get > .runtimeconfig.json"
   },