What I want: a user in Supabase to have read/write access to a specific club within a school. I also want that user to only be able to access students that belong to that club.
What I have: an RLS rule that successfully returns only the clubs I should have access to. But if I get the list of students, I get all students.
(uid() IN ( SELECT profiles.user_id FROM profiles WHERE (profiles.club_id = club.id)))
RLS is enabled for club with the above rule and disabled on the other tables.
Do I need to add similar rules to the students and student_club tables? I was hoping I'd write essentially one rule and it would cover all the cases, to reduce the chances of bugs.
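As an added example (not part of the original post, and not Supabase's own code): Postgres evaluates row level security per table, so the policy on club does not restrict students or student_club at all, and each table that must be protected needs its own policy. The column names student_club.student_id, student_club.club_id and students.id, and uuid-typed ids, are assumptions; auth.uid() is the schema-qualified form of the uid() used in the club rule above, and my_club_ids() is a helper introduced here so the per-table policies share one membership check.

```sql
-- Added example: per-table RLS policies built on one shared membership check.
-- Assumed schema: profiles(user_id uuid, club_id uuid), club(id uuid),
-- students(id uuid, ...), student_club(student_id uuid, club_id uuid).

-- Helper: the clubs the calling user belongs to. profiles has RLS disabled
-- on this page, so the lookup cannot recurse into another policy.
create or replace function my_club_ids()
returns setof uuid
language sql stable
as $$
  select club_id from profiles where user_id = auth.uid()
$$;

-- A policy on club alone leaves these two tables wide open until RLS is
-- enabled on them; with RLS enabled and no policy, they return nothing.
alter table student_club enable row level security;
alter table students     enable row level security;

-- Link rows are visible only for the caller's own clubs.
create policy "club member reads links" on student_club
  for select to authenticated
  using (club_id in (select my_club_ids()));

-- A student is visible only if linked to one of the caller's clubs.
-- The student_club policy above also applies inside this subquery (RLS is
-- enforced on tables a policy reads); here that gives the same answer.
create policy "club member reads students" on students
  for select to authenticated
  using (exists (
    select 1 from student_club sc
    where sc.student_id = students.id
      and sc.club_id in (select my_club_ids())
  ));

-- Updates use the same predicate for the existing row (using) and the
-- modified row (with check), so a row cannot be edited out of reach.
create policy "club member updates students" on students
  for update to authenticated
  using (exists (
    select 1 from student_club sc
    where sc.student_id = students.id
      and sc.club_id in (select my_club_ids())
  ))
  with check (exists (
    select 1 from student_club sc
    where sc.student_id = students.id
      and sc.club_id in (select my_club_ids())
  ));

-- Caveat: a brand-new student has no student_club row yet, so an insert
-- policy on students cannot rely on this link check; it needs its own rule.
```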