Safest and less expensive way to delete comments in FireStore

I am using FireStore for my Flutter application. Users can post comments under some articles. They can also reply to other comments. Comments have the following structure

where ancestorsId is a list containing all the parent comments id.
Comments can be deleted by the poster or an admin.
When a comment is deleted, all the children comments should be deleted as well.

How can I do that with safety and at the lowest cost ? I have thought to the following so far:

Case 1: Using a Go server and Custom Claims

I can set user role as a custom claim. Then, when a user clicks on delete comment button, it sends a request to the server with the comment ID and the user Token ID. I can check if the user is admin with the token ID. If it is not the case, the server asks the comment data and check if comment userId and token user Id match. If one of those two conditions is true, I can get all comment children with a where request on comments collection, and delete all involved comments with a batch.

Problems:

• Custom claims use token, that live for 1 hour. It could create troubles if a crazy admin starts deleting everything, because his admin token can be valid for up to 1 hour. But if I use a server, I think I can manage this.

• I need to get comments before deleting them. It involves two operations and then the price is actually twice the price of deleting comments operations.

Case 2: Using FireStore rules

I could stick with a client only, and use FireStore rules instead of using a server. It means that I could no longer use custom claims, and I would have to store users role in a field in my users collection. I could use a delete rule like:

match /comments/{comment}{
    allow delete: if request.auth != null && (request.auth.uid == request.resource.data.userId || isAdmin(request));
    }

where isAdmin is a function that checks if the user is an admin.

Problems:

• isAdmin will need to read a data from another document and thus cost money

• This solution doesn't delete children comments. And the rule doesn't allow a user to request another user's comment deletion, unless he is admin.

What could be a solution to solve my issue at low cost without putting safety aside ?

It seems to me that you really only have one solution that works, as the second approach leaves orphaned documents in the database.

But if you do consider the second approach valid for your app, you're trading the cost of reading-and-then-deleting some documents for the cost of leaving them in the database. While the cost of keeping a document in the database is low, you'll end up paying it every month. Since the number of orphaned documents will keep growing, the storage cost for them will keep growing too. So while deleting them now may seem more expensive, it's just a one time cost.

If you're worried about the cost of running Cloud Functions, keep in mind there's a pretty decent free tier for those. Even if that tier is not enough to run your code in production, it should at least be enough to give you a feeling for what the cost is gonna be.