We can securely query documents using authenticated user's UID, using firestore rules like this:
service cloud.firestore {
match /databases/{database}/documents {
match /stories/{storyid} {
// Only the authenticated user who authored the document can read or write
allow read, write: if request.auth != null && request.auth.uid == resource.data.author;
}
}
}
But I can't find how to fill the data with the authenticated user UID.
The below document is working fine, but it was sent from the client-side, and I don't think it's secure, as the request could have tampered with another user UID.
{
title: "A Great Story",
content: "Once upon a time...",
author: user.uid,
published: false
}
Basically, I need a user UID value from Firebase server, just like we can insert a timestamp from server with firestore.FieldValue.serverTimestamp()