SupabaseS
Supabase2y ago
Sjors

RLS policy including a auth.uid() statement

Hello,

I have been trying to setup a RLS policy which is using the auth.uid(), but it doesn't really seem to work the way I expect it to do. The goal I am trying to achieve is the following: Being able to select/read data when the user has a specific uuid. Doesn't seem that hard to me.

For demonstration purposes I've included some migration and seed code.

migration.sql
create table if not exists public.posts (
  "id" bigint generated by default as identity not null PRIMARY KEY,
  "title" text not null,
  "created_at" timestamp with time zone not null default now()
);
alter table public.posts enable row level security;

create policy "Enable read for authenticated users"
on public.posts
for select
to public
using (auth.uid() = '0ba6ec03-1a07-43f0-aa41-380204bb5319');


seed.sql
insert into auth.users (instance_id, id, ...)
values
  ('00000000-0000-0000-0000-000000000000', '0ba6ec03-1a07-43f0-aa41-380204bb5319', ...);

insert into auth.identities (provider_id, user_id, ...)
values
  ('0ba6ec03-1a07-43f0-aa41-380204bb5319', '0ba6ec03-1a07-43f0-aa41-380204bb5319'::uuid, ...);

insert into public.posts (title)
values
  ('My first post');


When the created user tries to fetch the data it receives an empty array which probably means the policy statement is 
false
. When I replace the statement auth.uid() = '0ba6ec03-1a07-43f0-aa41-380204bb5319' with 
true
 the user receives the correct data.

Is there something wrong with this stament? As far as I know it should be working. I've included the source files to test.

Thanks in advance!
source-files.zip1.42KB
Was this page helpful?