Restrict data to logged in user - Firestore


I’m using Cloud FIrestore as a backend with Authentication.

Does anyone know how to restrict the data that a user can get from a collection to only what they’ve entered? Can this be done via the security rules?

I tried to use the cloud firestore security rules but can’t get it working.

My documents have a field called uid that gets set to the user uid when they create a new document in the collection. I want to retrieve the documents that have been created by a particular user.

Alternatively, is it possible to set it as a parameter in the API call?

Any tips would be greatly appreciated!


Sorry for the super late response!

I’m nor that familiar with Cloud Firestore, but according to the security rules docs you should be able to accomplish this, there’s an example here about users being able to read only their own documents.

But yes, the user uid can be set as a parameter in an API call. Just set your document Get Collection configuration’s relative path to whatever-your-path-is/{uid} so you can pass the user id to Firestore, and then make sure in your backend to only send back the documents which uid matches with the requst.