Firebase security rules, ensure one “array remove” only, and only to userId

Question

I have notification records where there is a text and a list of users (max 10).

{text: \"Beware of the dog\", users: [ uid1, uid2, uid3, ... ]}

Answer 1

I don't think this is possible without a loop, which doesn't exist in security rules. Well: if you know all users, you might be able to enumerate all options, essentially unfolding the impossible loop. But even if this is possible in security rules, the rules are going to be incredibly verbose.

I'd recommend creating a subcollection where each UID is stored in a separate document. In that subcollection you can then implement your requirement by only allowing the user to only delete their own document.