Can you make security rules that run a query to check if a matching document is found?
I'm building a system where a logged-in user can vote on specific topics.
Every single vote will be saved in its own document, with a reference to the user, the topic etc.
I want to make a security rule that checks if there's already a document in the vote section with that specific user ID and topic ID present, and only let the user write a vote document if that's not the case.
I can't see any query options in the documentation, so what are my options?
Can I somehow create an index of all votes, and look for a specific document path in that index?
Or should I give the votes a custom ID scheme, based on the user ID and the topic ID, so they can be found?
For those still interested, this has now changed.
Please see https://firebase.blog/posts/2022/09/announcing-cross-service-security-rules/
You can now use the functions firestore.get() and firestore.exists() to query the database inside Security Rules.
These functions will, however, incur additional reads even if the request is denied.
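
The custom ID scheme proposed at the end of the question, written as Cloud Firestore rules (an added example, not part of the original posts). It assumes the votes are stored in Cloud Firestore; the `votes` and `topics` collection names, the `userId` and `topicId` fields, and the `<uid>_<topicId>` document ID format are all assumptions.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Assumed layout: /votes/{voteId}, where voteId = "<uid>_<topicId>".
    match /votes/{voteId} {

      // 'create' only matches when no document exists at this path yet.
      // Because the ID is derived from the voter and the topic, a second
      // vote by the same user on the same topic targets an existing
      // document, is evaluated as an update, and is denied below.
      //
      // The exists() call checks that the topic is real. It costs one
      // billed read per evaluation, including when the write is rejected.
      allow create: if request.auth != null
        && request.resource.data.userId == request.auth.uid
        && request.resource.data.topicId is string
        && voteId == request.auth.uid + '_' + request.resource.data.topicId
        && exists(/databases/$(database)/documents/topics/$(request.resource.data.topicId));

      // Votes are immutable once cast, so the uniqueness check cannot be
      // bypassed by overwriting or deleting and re-creating a vote.
      allow update, delete: if false;
    }
  }
}
```

The client has to write the vote to the derived document ID itself rather than letting Firestore generate one. The duplicate check then needs no extra read at all, since it relies on the document path rather than on a lookup.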