Supabase•3w ago

pgTap unit tests after implementing Custom Claims & Role-based Access Control (RBAC)

Hi Folks After implementing Custom Claims & Role-based Access Control (RBAC) following https://supabase.com/docs/guides/database/postgres/custom-claims-and-role-based-access-control-rbac I found this guide easy to follow and following this pattern suits my requirements. It is working when testing manually using the web app though not when using pgTap tests. I don't think I'm mocking user_role correctly using set local request.jwt.user_role = 'driver'; Is this not the same as auth.jwt() ->> 'user_role' that I reversed engineered from the public.authorize function.

-- as User 1
set local role authenticated;
set local request.jwt.claim.sub = '123e4567-e89b-12d3-a456-426614174000';
set local request.jwt.user_role = 'driver'; --this is not correct

select is((select (auth.jwt() ->> 'user_role')::public.app_role), 'driver'::public.app_role);
select is((select public.authorize('profiles.mine.read')), true, 'driver can read own profile');

-- as User 1
set local role authenticated;
set local request.jwt.claim.sub = '123e4567-e89b-12d3-a456-426614174000';
set local request.jwt.user_role = 'driver'; --this is not correct

select is((select (auth.jwt() ->> 'user_role')::public.app_role), 'driver'::public.app_role);
select is((select public.authorize('profiles.mine.read')), true, 'driver can read own profile');

Edit: typo

Custom Claims & Role-based Access Control (RBAC) | Supabase Docs

Use Auth Hooks to add custom claims for managing role-based access control.

1 Reply

Gaslit By TechOP•3w ago

AI helped SET LOCAL "request.jwt.claims" = '{"user_role": "driver"}';

Gaming

Programming

pgTap unit tests after implementing Custom Claims & Role-based Access Control (RBAC)

Did you find this page helpful?