Reputation: 15
I have the following problem: in Cloud Storage I have 10 images for user X, and I want user Y to be able to download only one of those 10 images of X if a certain field in Firestore has a certain numerical value.
My solution: user Y reads the value of the field in Firestore and uses it to compose the download request for Cloud Storage.
My doubt is whether this procedure is safe. Once I get the value from Firestore, since the request is composed on client Y, I am afraid that it will maliciously corrupt the result obtained from Firestore so as to request a different file of X in storage than it should have.
Is it possible that such cases occur? Is it possible that the data in transit from Firestore to client Y is corrupted so that the app code on the client makes a request other than the one it was originally allowed to make?
Upvotes: 0
Views: 468
Reputation: 4163
Natively, these resources are not available to the other resources; the best way to handle this is to store the downloadURL of the file inside Firestore itself.
Then, when reading from this Firestore document, you can allow it based on your original Firestore document's value.
Access other Document from Security Rules: https://firebase.google.com/docs/firestore/security/rules-conditions#access_other_documents
Upvotes: 0
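An added example, not part of the original answer: Firestore security rules for the approach the answer describes, where the numeric check is evaluated on the server, so a client that alters the value it read still cannot fetch a different image document. The collection layout (`users/{ownerId}/images`, `users/{ownerId}/grants`) and the field names `index`, `allowedIndex` and `downloadURL` are assumptions made for illustration.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Hypothetical grant document: users/{X}/grants/{Y} holds the numeric
    // field allowedIndex. Only owner X may write it; X and Y may read it.
    match /users/{ownerId}/grants/{viewerId} {
      allow read: if request.auth != null
                  && (request.auth.uid == ownerId
                      || request.auth.uid == viewerId);
      allow write: if request.auth != null
                   && request.auth.uid == ownerId;
    }

    // Hypothetical image document: users/{X}/images/{imageId} holds
    // index (number) and downloadURL (string) for one of X's files.
    match /users/{ownerId}/images/{imageId} {

      // Path of the grant that owner X issued to the signed-in caller.
      function grantPath() {
        return /databases/$(database)/documents/users/$(ownerId)/grants/$(request.auth.uid);
      }

      // Single-document reads only. A non-owner succeeds only when the
      // grant exists and its allowedIndex equals this image's index.
      // The comparison uses the stored documents, never a client value.
      allow get: if request.auth != null
                 && (request.auth.uid == ownerId
                     || (exists(grantPath())
                         && get(grantPath()).data.allowedIndex
                            == resource.data.index));

      // Listing and writing stay with the owner, so Y cannot enumerate
      // the other nine documents or change which index an image carries.
      allow list: if request.auth != null
                  && request.auth.uid == ownerId;
      allow write: if request.auth != null
                   && request.auth.uid == ownerId;
    }
  }
}
```

A Firebase download URL carries its own access token and is served without further rule checks, so these rules control who can learn the URL, not who can use it once it is known.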