Firestore security rules for objects inside of the array

Hi everyone!
In my Firestore, I have a collection called "items" and there are couple of documents inside. Some of these documents have "reviews" property, which is created by

arrayUnion()

arrayUnion()

called from my front-end and the objects inside of this array always have 4 properties, one of them is

userId

userId

.
In my front-end, I'm sending a get request to get the whole reviews array, like this:

doc.data().reviews

doc.data().reviews

.
How can I write my security rules so that

userId

userId

is never returned no matter what?
I asked ChatGPT to help me write the rules, but these doesn't work:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /items/{itemsID} {
      allow read: if true;
      allow write: if request.auth != null
      match /reviews/{review} {
        allow read: if true;
        allow write: if request.auth != null;
        match /userId {
          allow read: if false;
        }
      }
    }
  }
}

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /items/{itemsID} {
      allow read: if true;
      allow write: if request.auth != null
      match /reviews/{review} {
        allow read: if true;
        allow write: if request.auth != null;
        match /userId {
          allow read: if false;
        }
      }
    }
  }
}

And my query looks like this (Typescript):

export const fetchItems = createAsyncThunk("items/fetchItems", async () => {
  const querySnapshot = await getDocs(collection(db, "items"));
  const itemsArray: itemsType[] = [];
  querySnapshot.forEach((doc) => {
    itemsArray.push({
      id: doc.id,
      name: doc.data().name,
      type: doc.data().type,
      price: doc.data().price,
      description: doc.data().description,
      img: doc.data().img,
      reviews: doc.data().reviews,
    });
  });
  return itemsArray;
});

export const fetchItems = createAsyncThunk("items/fetchItems", async () => {
  const querySnapshot = await getDocs(collection(db, "items"));
  const itemsArray: itemsType[] = [];
  querySnapshot.forEach((doc) => {
    itemsArray.push({
      id: doc.id,
      name: doc.data().name,
      type: doc.data().type,
      price: doc.data().price,
      description: doc.data().description,
      img: doc.data().img,
      reviews: doc.data().reviews,
    });
  });
  return itemsArray;
});

Aleksandr M.OP•2/14/23, 2:51 PM

Still haven't figured it out... ChatGPT says that it would be better for me to create a separate collection for reviews and somehow connect it together, but I feel that there might be more elegant solution.