RLS Anyone Can Count, but NOT Read

hearts
- pid (fk to posts.id)
- uid (fk to users.id)
(pk = pid + uid)

hearts
- pid (fk to posts.id)
- uid (fk to users.id)
(pk = pid + uid)

I have set up my rules so that only a user can like their own post. Basically all CRUD operations. However, I need ANYONE to be able to count the likes for a post.

Current Rule

(role() = 'authenticated'::text)
AND (uid = uid())
AND (uid() = (SELECT posts.author FROM posts WHERE (posts.id = hearts.pid)))

(role() = 'authenticated'::text)
AND (uid = uid())
AND (uid() = (SELECT posts.author FROM posts WHERE (posts.id = hearts.pid)))

Count Query

// pid is the post id
const q2 = supabase.from('hearts')
  .select('pid', { count: 'exact' })
  .eq('pid', pid);

// pid is the post id
const q2 = supabase.from('hearts')
  .select('pid', { count: 'exact' })
  .eq('pid', pid);

How can I create a rule allowing anyone to be able to ONLY count the total likes, just not CRUD them? Can I do this with an additional rule, or do I need to edit the current one?

Thanks,

J

Supabase•4y ago•

3 replies

jdgamble555

RLS Anyone Can Count, but NOT Read

hearts
- pid (fk to posts.id)
- uid (fk to users.id)
(pk = pid + uid)

hearts
- pid (fk to posts.id)
- uid (fk to users.id)
(pk = pid + uid)

I have set up my rules so that only a user can like their own post. Basically all CRUD operations. However, I need ANYONE to be able to count the likes for a post.

Current Rule

(role() = 'authenticated'::text)
AND (uid = uid())
AND (uid() = (SELECT posts.author FROM posts WHERE (posts.id = hearts.pid)))

(role() = 'authenticated'::text)
AND (uid = uid())
AND (uid() = (SELECT posts.author FROM posts WHERE (posts.id = hearts.pid)))

Count Query

// pid is the post id
const q2 = supabase.from('hearts')
  .select('pid', { count: 'exact' })
  .eq('pid', pid);

// pid is the post id
const q2 = supabase.from('hearts')
  .select('pid', { count: 'exact' })
  .eq('pid', pid);

How can I create a rule allowing anyone to be able to ONLY count the total likes, just not CRUD them? Can I do this with an additional rule, or do I need to edit the current one?

Thanks,

J

RLS Anyone Can Count, but NOT Read

Similar Threads

RLS Anyone Can Count, but NOT Read

Similar Threads

Similar Threads

Similar Threads