Supabase•3y ago•

3 replies

RLS policy including a auth.uid() statement

Hello,

I have been trying to setup a RLS policy which is using the

auth.uid()

auth.uid()

, but it doesn't really seem to work the way I expect it to do. The goal I am trying to achieve is the following: Being able to select/read data when the user has a specific uuid. Doesn't seem that hard to me.

For demonstration purposes I've included some

migration

migration

and

seed

seed

code.

migration.sql
migration.sql

create table if not exists public.posts (
  "id" bigint generated by default as identity not null PRIMARY KEY,
  "title" text not null,
  "created_at" timestamp with time zone not null default now()
);
alter table public.posts enable row level security;

create policy "Enable read for authenticated users"
on public.posts
for select
to public
using (auth.uid() = '0ba6ec03-1a07-43f0-aa41-380204bb5319');

create table if not exists public.posts (
  "id" bigint generated by default as identity not null PRIMARY KEY,
  "title" text not null,
  "created_at" timestamp with time zone not null default now()
);
alter table public.posts enable row level security;

create policy "Enable read for authenticated users"
on public.posts
for select
to public
using (auth.uid() = '0ba6ec03-1a07-43f0-aa41-380204bb5319');

seed.sql
seed.sql

insert into auth.users (instance_id, id, ...)
values
  ('00000000-0000-0000-0000-000000000000', '0ba6ec03-1a07-43f0-aa41-380204bb5319', ...);

insert into auth.identities (provider_id, user_id, ...)
values
  ('0ba6ec03-1a07-43f0-aa41-380204bb5319', '0ba6ec03-1a07-43f0-aa41-380204bb5319'::uuid, ...);

insert into public.posts (title)
values
  ('My first post');

insert into auth.users (instance_id, id, ...)
values
  ('00000000-0000-0000-0000-000000000000', '0ba6ec03-1a07-43f0-aa41-380204bb5319', ...);

insert into auth.identities (provider_id, user_id, ...)
values
  ('0ba6ec03-1a07-43f0-aa41-380204bb5319', '0ba6ec03-1a07-43f0-aa41-380204bb5319'::uuid, ...);

insert into public.posts (title)
values
  ('My first post');

When the created user tries to fetch the data it receives an empty array which probably means the policy statement is

false

false

. When I replace the statement

auth.uid() = '0ba6ec03-1a07-43f0-aa41-380204bb5319'

auth.uid() = '0ba6ec03-1a07-43f0-aa41-380204bb5319'

with

true

true

the user receives the correct data.

Is there something wrong with this stament? As far as I know it should be working. I've included the source files to test.

Thanks in advance!

source-files.zip1.42KB

RLS policy including a auth.uid() statement

Hello,

I have been trying to setup a RLS policy which is using the

auth.uid()

auth.uid()

migration

migration

and

seed

seed

code.

migration.sql
migration.sql

create table if not exists public.posts (
  "id" bigint generated by default as identity not null PRIMARY KEY,
  "title" text not null,
  "created_at" timestamp with time zone not null default now()
);
alter table public.posts enable row level security;

create policy "Enable read for authenticated users"
on public.posts
for select
to public
using (auth.uid() = '0ba6ec03-1a07-43f0-aa41-380204bb5319');

create table if not exists public.posts (
  "id" bigint generated by default as identity not null PRIMARY KEY,
  "title" text not null,
  "created_at" timestamp with time zone not null default now()
);
alter table public.posts enable row level security;

create policy "Enable read for authenticated users"
on public.posts
for select
to public
using (auth.uid() = '0ba6ec03-1a07-43f0-aa41-380204bb5319');

seed.sql
seed.sql

insert into auth.users (instance_id, id, ...)
values
  ('00000000-0000-0000-0000-000000000000', '0ba6ec03-1a07-43f0-aa41-380204bb5319', ...);

insert into auth.identities (provider_id, user_id, ...)
values
  ('0ba6ec03-1a07-43f0-aa41-380204bb5319', '0ba6ec03-1a07-43f0-aa41-380204bb5319'::uuid, ...);

insert into public.posts (title)
values
  ('My first post');

insert into auth.users (instance_id, id, ...)
values
  ('00000000-0000-0000-0000-000000000000', '0ba6ec03-1a07-43f0-aa41-380204bb5319', ...);

insert into auth.identities (provider_id, user_id, ...)
values
  ('0ba6ec03-1a07-43f0-aa41-380204bb5319', '0ba6ec03-1a07-43f0-aa41-380204bb5319'::uuid, ...);

insert into public.posts (title)
values
  ('My first post');

When the created user tries to fetch the data it receives an empty array which probably means the policy statement is

false

false

. When I replace the statement

auth.uid() = '0ba6ec03-1a07-43f0-aa41-380204bb5319'

auth.uid() = '0ba6ec03-1a07-43f0-aa41-380204bb5319'

with

true

true

the user receives the correct data.

Is there something wrong with this stament? As far as I know it should be working. I've included the source files to test.

Thanks in advance!

source-files.zip1.42KB

RLS policy including a auth.uid() statement

RLS policy including a auth.uid() statement

Similar Threads

Similar Threads

Similar Threads