42501 - "New row violates row-level security for table"
Hi there,
I'm a total noob. I started my coding journey with HTML in June, and have worked my way to Next.js. So, my apologies if I use the wrong terminology, get things wrong, or am generally confused.
I recently started building my first full-stack app. It uses Next.js 14 with the App router and Supabase. I used this quickstart framework to start: https://supabase.com/docs/guides/getting-started/quickstarts/nextjs. It came with a pre-made login page, and a folder name "/utils/supabase" that has two createClient components (client and server), as well as a middleware component. Attaching a screenshot of all three.
The project is pretty simple. The main parts, I think relevant to this, are:
/app
↳ /login
↳ /dashboard
↳ /brief/page. → GitHub: https://github.com/NilsWestgardh/briefbuddy/blob/main/app/dashboard/brief/page.tsx
/utils
↳ /supabase
↳ /server.ts
↳ /client.ts
↳ /middleware.ts
The brief page is returns a React Hook Form (validated with zod) that lets users create a marketing brief. I'm able to login, navigate to the form, and fill it out. But when I submit it, I get a console error with the code 42501 that says "New row violates row-level security for table". Screenshot attached. The page component is marked with 'use client' because I'm using useState to dynamically update the price on the form.
When a user submits a, I want it to be added to the briefs table in a way only they can query.
In Supabase, I only have one table (briefs). It only has one RLS policy, currently. Screenshot attached. I tried temporarily disabling RLS to test in in development. That let me insert data into the table, no problem.
I've been struggling with this all day, and I'm very lost. I realize Next.js 14 is very new (which I didn't know when I started learning it 2 weeks ago), and there isn't a lot of info out there on this particular issue. At least not that I'm currently able to understand.
I would greatly appreciate any and all help!
Nils
GitHub
briefbuddy/app/dashboard/brief/page.tsx at main · NilsWestgardh/bri...
BriefBuddy helps you go from marketing brief to campaign ideas in minutes, not days. - NilsWestgardh/briefbuddy
6 Replies
you need to show the us what you're trying to insert, the table structure, and what your RLS policy is
you'll most likely be able to solve that issue once you look at those three things though
If you have select() on the insert you also need to meet the select policy which I don't think you show. Also your policy requires a signed in user when you make the call. It is very common when first starting out that your session handling is not working as you think. Finally next.js does caching and this will tend to impact debugging RLS changes as it will still reflect stale conditions.
Hey @Socal and @garyaustin thanks for responding!
I'm attaching a couple of screenshots which I hope will make things clearer for you. They are of the table structure, RLS, zod schema and form default values, onSubmit function.
I only have one RLS policy, it is set to ALL.
I don't have a select() on insert in the onSubmit function, if that was what you meant. It's only: await supabase.from('briefs').insert([data]);
I'm able to sign in through the pre-made login that came with the quickstart framework. But I'm not sure if my user sessions are being tracked. I'm quite confused abut that.
Also, you can see the code directly on my github repo if that's helpful. I really appreciate your help and time!
I'm taking a break for tonight, and tomorrow I'll do this tutorial: https://www.youtube.com/watch?v=HNXKB2Yn5O0 I hope it will help me understand how to work with Next.js / Supabase better. I went straight from https://nextjs.org/learn to building a full-stack app, which might have been biting off more than I could chew.
CodewithGuillaume
YouTube
Building a Full-Stack Web App with Next.js 14, @resendlabs & @Supab...
A newsletter app with Next.js 14, Resend & Supabase.
Github repo 👉 https://dub.sh/pwD7Fag
💌 Newsletter top 5 code news of the week 👉 https://dub.sh/codewithg
Thanks to @next @resendlabs @Supabase.
———
Chapters:
00:39 Install
02:07 Cleaning
03:17 Makefile
05:45 Github repo
06:18 React-Handbook
07:08 Architecture
09:16 Types
15:04 Lib
18:02...
Learn Next.js | Next.js by Vercel - The React Framework
Next.js by Vercel is the full-stack React framework for the web.
If the one policy you show is ALL it needs a USING policy.
I would try disabling RLS and see if it works. Then enable just for authorized. Then auth.uid()=user_id. If authorized does not work then try anon with true for the policy. If anon works then you don't have a user session when you make the call.
I did try disabling RLS and that let me insert a row. I’ll try those steps next:
1. Just authorized
2. Authorized + check
If authorized doesn’t work:
3. anon + true
Did I get that right?
Try authenticated (sorry) with true. My guess is it is not going to work.
Then try anon with true if authenticated does not to confirm you don't have a signed in user at point of call.