currently security rules can only check, "limit, orderby and offset" properties of "request.query" object. if they could check our own custom properties , for example, when users search a collection by id, and I only want them to see a list of documents which contain their id then i should be able to do this in the rules
posts/{postId} {
list: if request.query.id == request.auth.uid
}
- this would be really beautiful and makes it way easy to secure list request.