I wish users to be able to query how many documents match a given where clause, without resorting to Cloud Functions, and without them being allowed to retreive the document content.

For example, under /users/{uid} I have documents like so:

{
  "private_data": ...
  "group": "groupname"
}

The firestore rules:

match /users/{uid} {
  // Allow  a user to read only his own data
  allow read: if request.auth != null && request.auth.uid == uid;
  
  // Allow a user to know how many users are in a specified group
  allow list: if request.<has group specified in where clause> && request.<is count aggregation>
}

I wish users to be able to query how many documents match a given where clause, without resorting to Cloud Functions, and without them being allowed to retreive the document content.

For example, under /users/{uid} I have documents like so:

{
  "private_data": ...
  "group": "groupname"
}

The firestore rules:

match /users/{uid} {
  // Allow  a user to read only his own data
  allow read: if request.auth != null && request.auth.uid == uid;
  
  // Allow a user to know how many users are in a specified group
  allow list: if request.<has group specified in where clause> && request.<is count aggregation>
}

• firebase-security

1 Answer 1

At the moment, according to the Firestore security rules' specification, I believe this feature does not exist.

The only way is to resort to Cloud Functions, Cloud Run or a different backend solution.