Hi everyone,
I'm building an app with two types of users:
– client (can search and book services)
– etablissement (can create and manage salons and services)
I store this role in the users collection under the field role (either "client" or "etablissement").
I'd like to restrict Firestore write access to the salons collection so that only users with role "etablissement" can create, update, or delete salons.
I know how to use Tagged Users in FlutterFlow to protect based on proprietaire_id == uid, but I want to go further and prevent clients from bypassing the UI and writing directly via scripts or tools like Postman.
Since FlutterFlow doesn't support get(...) inside rules, is there any workaround inside FlutterFlow, or should I fully manage these rules manually in the Firebase Console? (i tried but FF doesn't consider it).
Any advice or best practices for enforcing role-based security at the Firestore level while still using FlutterFlow’s rule UI would be super helpful !
Thanks a lot !