Reputation: 4492
In my Firestore, I have a boolean field called admin for the user documents in my users collection. When true, that user can read other user accounts. But how can I access that field in firestore.rules?

This doesn't work, but gets the idea across of what I am looking to do:

    allow get: if request.auth.uid.data.admin == true

The only data I see accessed in the documentation is from the resource being accessed, which would mean each user would have an admins array of every admin referenced in it, which would be a nightmare to maintain.
Upvotes: 0
Views: 458
Reputation: 3744
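Try this:

    // Declare inside match /databases/{database}/documents so $(database) is in scope.
    // Looks up the caller's own user document and checks its admin flag.
    function isAdmin(request) {
      return get(/databases/$(database)/documents/users/$(request.auth.uid)).data.admin == true;
    }
    match /YOUR_COLLECTION/{doc} {
      allow read: if isAdmin(request);
    }

Assuming you're using the uid as the user doc id, this would work not only for users but for any collection you set this function on.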
Upvotes: 1
Reputation: 598837
It sounds like you're trying to use data from another document than the one that is being read. If you have a /users collection with a document for each user stored under their UID, then:

    allow get: if get(/databases/$(database)/documents/users/$(request.auth.uid)).data.admin == true;

So this gets the user's document, and then checks if there's an admin field in there that has the value of true.
Upvotes: 1
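A complete rules file built around the get() lookup from the answers above, as an added example that is not part of any of the posts. It assumes user documents live at /users/{uid} keyed by the auth UID; the helper names and the write rules are hypothetical (the thread does not discuss writes) and are there so that a user cannot set their own admin field and then pass the admin check.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // True when the caller's own /users/{uid} document has admin == true.
    // Declared inside this match block so $(database) is in scope.
    // Each get() in a rule is billed as a document read.
    function isAdmin() {
      return request.auth != null
        && get(/databases/$(database)/documents/users/$(request.auth.uid)).data.admin == true;
    }

    // True when the caller is the owner of the document being accessed.
    function isSelf(userId) {
      return request.auth != null && request.auth.uid == userId;
    }

    match /users/{userId} {
      // A user reads their own document; an admin reads anyone's.
      allow get: if isSelf(userId) || isAdmin();
      allow list: if isAdmin();

      // The admin flag is only trustworthy if users cannot write it themselves.
      allow create: if isSelf(userId)
        && request.resource.data.get('admin', false) == false;
      allow update: if isSelf(userId)
        && !request.resource.data.diff(resource.data).affectedKeys().hasAny(['admin']);
    }
  }
}
```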