Firestore doesn't have a way to query for the size of a collection, so if a client app needs to know this value, it requires some maintenance of a document in another collection to hold this count. However, it requires that the client to correctly perform a transaction in order to keep this count up to date while adding and removing documents. A malicious or broken client could modify either the collection or the count independently, and create a situation where the count isn't accurate.
It's possible to force clients through a backend to enforce this, or use a Cloud Functions trigger to automatically maintain the count (which will take effect after some delay). However, I don't want to introduce a backend, and I'd rather use security rules. How can I do this?
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…