
The update rule for competition entries allows any authenticated user to vote. However, there are a couple of potential issues with this logic:
- It doesn't prevent a user from voting for their own entry. You should add a check like `resource.data.userId != request.auth.uid`.
- The rule only handles adding a vote via `isAddingSelfToList`. It doesn't seem to allow a user to remove their vote. Consider adding a corresponding `isRemovingSelfFromList` condition to allow users to change their minds.
Originally posted by @gemini-code-assist[bot] in #469 (comment)
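
The two suggestions above, written out as Firestore security rules. This is an added example, not the project's own rules: the `competitionEntries` path, the `votes` list field (assumed to hold voter uids) and both helper bodies are assumptions, since the page shows only the helper names.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Assumed collection path and field names; adjust to the real schema.
    match /competitionEntries/{entryId} {

      // The write may touch the vote list and nothing else on the entry.
      function onlyVotesChanged() {
        return request.resource.data.diff(resource.data)
                 .affectedKeys().hasOnly(['votes']);
      }

      // Hypothetical body: new list == old list plus exactly the caller's uid.
      function isAddingSelfToList() {
        let before = resource.data.votes;
        let after = request.resource.data.votes;
        let added = after.toSet().difference(before.toSet());
        return after.size() == before.size() + 1
          && added.size() == 1
          && added.hasOnly([request.auth.uid])
          && before.toSet().difference(after.toSet()).size() == 0;
      }

      // Hypothetical body: new list == old list minus exactly the caller's uid.
      // The set comparison stops a caller from dropping someone else's vote
      // while keeping the list length plausible with a duplicate.
      function isRemovingSelfFromList() {
        let before = resource.data.votes;
        let after = request.resource.data.votes;
        let removed = before.toSet().difference(after.toSet());
        return after.size() == before.size() - 1
          && removed.size() == 1
          && removed.hasOnly([request.auth.uid])
          && after.toSet().difference(before.toSet()).size() == 0;
      }

      allow update: if request.auth != null
        // Entry owners cannot vote on their own entry.
        && resource.data.userId != request.auth.uid
        && onlyVotesChanged()
        && (isAddingSelfToList() || isRemovingSelfFromList());
    }
  }
}
```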