I'm building an application where a user can have multiple identities. These identities hold public information and thus should be readable by anyone while the user behind the identities should remain private. However, the user should often be able to manage their application through multiple identities at once.

- Users [collection] (private)
    - Identities [collection] (public)

It may seem obvious that identities should be a sub-collection of user documents so that the user can efficiently query all their identities. However, when other people query one or multiple identities through collection group queries, the path to these documents becomes visible to them as demonstrated by the answer to this question (using querySnapshot).

This poses a problem for me as this would allow people to link multiple identities to the same user, which is a privacy issue.

I could store the identities as a top-level collection, and maintain an array on the user documents, but this makes querying a lot less efficient as many reads spanning multiple identities would require as many queries as identities.

- Users [collection] (private)
    - array of identity IDs
- Identities [collection] (public)

Is there actually a way to hide the parent relationship in collection group queries? And if not, are there more optimal architectural designs for my problem?

1 Answer

There is no way to hide the path to a document from someone who can read that document.

You'll have to find another way to implement your use-case, either through an additional collection, or by encapsulating your search functionality behind a custom API (like a Cloud Function).

Frank van Puffelen
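The following is an added example, not code from the question or the answer: it shows why the `users/{userId}/identities/{identityId}` path links identities to one owner, and what a response from the custom API the answer suggests could look like. The documents are constructed stand-ins for query results (no Firebase SDK is used), and the field names, IDs and function names are assumptions.

```javascript
// Constructed sample data shaped like collection group query results:
// every document a client can read also exposes its full path.
const snapshotDocs = [
  { id: "idn_alpha", ref: { path: "users/user_7f3a/identities/idn_alpha" },
    data: () => ({ displayName: "Alpha", bio: "writes", ownerEmail: "a@example.test" }) },
  { id: "idn_beta", ref: { path: "users/user_7f3a/identities/idn_beta" },
    data: () => ({ displayName: "Beta", bio: "paints", ownerEmail: "a@example.test" }) },
  { id: "idn_gamma", ref: { path: "users/user_c91e/identities/idn_gamma" },
    data: () => ({ displayName: "Gamma", bio: "codes", ownerEmail: "c@example.test" }) },
];

// Path layout assumed: users/{userId}/identities/{identityId}
function ownerOf(doc) {
  const segments = doc.ref.path.split("/");
  return segments[segments.length - 3];
}

// The privacy problem from the question: grouping readable documents by the
// parent segment of their path reveals which identities share an owner.
function linkByParent(docs) {
  const byOwner = {};
  for (const doc of docs) {
    const owner = ownerOf(doc);
    (byOwner[owner] = byOwner[owner] || []).push(doc.id);
  }
  return byOwner;
}

// Hypothetical body of the server-side search endpoint: copy only
// allowlisted public fields, never ref, path or any other stored field.
const PUBLIC_FIELDS = ["displayName", "bio"]; // assumed field names
function toPublicResponse(docs) {
  return docs.map((doc) => {
    const data = doc.data();
    const out = { id: doc.id };
    for (const field of PUBLIC_FIELDS) {
      if (Object.prototype.hasOwnProperty.call(data, field)) out[field] = data[field];
    }
    return out;
  });
}

// Regression check for the endpoint: the serialized response must not
// contain any owner ID taken from the underlying document paths.
function leaksOwner(response, docs) {
  const body = JSON.stringify(response);
  return docs.some((doc) => body.includes(ownerOf(doc)));
}
```

This only helps if clients cannot read the identity documents directly, since anyone who can read a document sees its path; identity IDs also must not be derived from the user ID.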