I have game interface with players limit and connected players (array of player ids)
interface IGameData { playersLimit: number; players: string[]; }
How to write a not in rule which will check if player that I'm requesting to push inside players array is already in the players array then the rule should deny request?
Update request looks like this
await updateDoc(
doc(db, 'games', gameId),
{
players: arrayUnion(playerId)
}
)
The arrayUnion operator already prevents duplicates from appearing in the players array. You don't need a security rule for that.