Firestore Rules - Allow "manager" to read/update data

We have 2 roles: manager and user in the system and want to allow the manager to read and write data for the user. We have a collection for each user where we keep to whom that user is reporting. For example: collection: users/GUIDforTheUser/ In this collection, we keep who reports to whom (AccountId represents the manager of the userId).

We also have a data collection: data/GUIDforTheUser/, and I want to allow manager(report) to read and write the data to the user who reports to him. How would I write the rule? users/GUIDforTheUser/ data/GUIDforTheUser/



Solution 1:[1]

You can use get() to fetch the /user/{userId} document and check if accountId in that document matches the UID of the user trying to read the information:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /data/{userId} {
      // Look up users/{userId} and grant read only when its accountId
      // (the manager) is the UID of the caller making the request.
      allow read: if request.auth.uid == get(/databases/$(database)/documents/users/$(userId)).data.accountId;
    }
  }
}
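The rule above grants read only, while the question asks for read and write, and it leaves the users/{userId} document itself unprotected. The following ruleset is an added example, not part of the answer above; it assumes the collection names users/ and data/ and the accountId field from the question, and it assumes the reporting relationships in users/ are maintained server-side (for example with the Admin SDK), which is why client writes to that collection are denied: if a client could set accountId on a user document, it could assign itself as that user's manager and gain access to the data.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // True when the caller is signed in and is recorded as the manager
    // (accountId) of the user whose data is being accessed.
    // The get() costs one document read per evaluation.
    function isManagerOf(userId) {
      return request.auth != null
        && get(/databases/$(database)/documents/users/$(userId)).data.accountId == request.auth.uid;
    }

    // True when the caller is the user the document belongs to.
    function isSelf(userId) {
      return request.auth != null && request.auth.uid == userId;
    }

    // Reporting relationships (assumed layout: users/{userId} with accountId).
    // Readable by the user and by the manager named in the document.
    // Never writable from clients, so accountId cannot be reassigned by a client.
    match /users/{userId} {
      allow read: if isSelf(userId)
        || (request.auth != null && resource.data.accountId == request.auth.uid);
      allow write: if false;
    }

    // Per-user data (assumed layout: data/{userId}).
    // The user and their manager may read; only the manager may create/update.
    match /data/{userId} {
      allow read: if isSelf(userId) || isManagerOf(userId);
      allow create, update: if isManagerOf(userId);
      allow delete: if false;
    }
  }
}
```

Two caveats when using this pattern: get() on a users/{userId} document that does not exist makes the rule evaluation fail, which is a deny, so a user with no manager record simply cannot be accessed by anyone but themselves; and each get() counts against the per-request limit on document access calls in rules, so avoid chaining several lookups in one rule.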

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Dharmaraj