SupabaseS
Supabase3y ago
Jamie

Race condition with RLS

I have somewhat of a race condition but I'm not sure the exact execution order inside postgres.

I have 
teams
 and team_members tables.

teams
 has an RLS policy for SELECT statements meaning only members of that team can read it (if currently authed user is present in the team_members table). There's also a similar policy on team_members.

I allow any authenticated user to INSERT into 
teams
, and then a trigger will add a row to team_members with the user that created the team. Simple enough.

The issue is this insert fails because of the RLS policy - because I am returning a result from the modified row, my assumption being that when I .select() from the insert - the trigger has not yet been run and therefore no record exists in team_members.

If I comment out these lines
const res = await supabase
                .from('teams')
                .insert({
                    name: name,
                })
                .select() // <<< delete
                .single(); // <<< delete


The insert works correctly - but I do need to know the ID of the team I just created for the app flow to work correctly.

Any thoughts?
Was this page helpful?