Hi, i have a group/member app, and when a user loggin i'm getting all the groups that he belongs from firebase. Then, when the user navigate to another page i'm passing the groupId as a parameter to that page.
In that page i'm doing another firebase query to retrieve the group name and another atributes, but i noticed that the groupId is passed in the URL. So, if i change to another groupId i'm getting the info of that group...even if the user don't belong to that group....
To solve this i change firestore rule only to allow Read, Write and Delete to tagged users.
But now, when i force the URL to a groupId that the user shouldn't have permission i get an infinite loading... is there a way to send a message "You do not have permission to access this group?"
Or we need to do this using an action? I hope i explain this use case corretly :)
thanks