With this rule you will check not only if the user is logged in, you’ll also check that the logged in user’s UID match with what is stored inside a collection of users.
// Grants a user access to a node matching their user ID
service firebase.storage {
match /databases/{database}/documents {
match /users/{userId}/{documents=**} {
allow read, write: if isOwner(userId);
}
}
function isOwner(userId) {
return request.auth.uid == userId;
}
}