Error uploading document - new row violates row-level security policy

i have bucket - onboarding-documents. inside it there are 2 folders, license and cmr-insurance. INSERT & UPDATE:

((bucket_id = 'onboarding-documents'::text) AND ((storage.extension(name) = 'jpg'::text) OR (storage.extension(name) = 'png'::text) OR (storage.extension(name) = 'jpeg'::text) OR (storage.extension(name) = 'pdf'::text)) AND ((lower((storage.foldername(name))[1]) = 'license'::text) OR (lower((storage.foldername(name))[1]) = 'cmr-insurance'::text)))

((bucket_id = 'onboarding-documents'::text) AND ((storage.extension(name) = 'jpg'::text) OR (storage.extension(name) = 'png'::text) OR (storage.extension(name) = 'jpeg'::text) OR (storage.extension(name) = 'pdf'::text)) AND ((lower((storage.foldername(name))[1]) = 'license'::text) OR (lower((storage.foldername(name))[1]) = 'cmr-insurance'::text)))

SELECT:

((bucket_id = 'onboarding-documents'::text) AND ((storage.foldername(name))[1] = 'license'::text) AND (( SELECT auth.uid() AS uid) = (owner_id)::uuid))

((bucket_id = 'onboarding-documents'::text) AND ((storage.foldername(name))[1] = 'license'::text) AND (( SELECT auth.uid() AS uid) = (owner_id)::uuid))

however when i insert through my frontend:

const documentType = field === "license" ? "license" : "cmr-insurance";

// Upload verified document
const path = `${field}/${Date.now()}-${formData.vat}`;
const url = await uploadDocument(
file,
"onboarding-documents",
path
);
export async function uploadDocument(
    file: File,
    bucket: string,
    path: string,
): Promise<string> {
    const supabase = await createClient();

    const { data, error } = await supabase.storage.from(bucket).upload(
        path,
        file,
        {
            cacheControl: "3600",
            upsert: false,
        },
    );

    if (error) {
        console.error("Error uploading document:", error);
        throw error;
    }

    console.log(error);
    const {
        data: { publicUrl },
    } = supabase.storage.from(bucket).getPublicUrl(data.path);

    return publicUrl;
}

const documentType = field === "license" ? "license" : "cmr-insurance";

// Upload verified document
const path = `${field}/${Date.now()}-${formData.vat}`;
const url = await uploadDocument(
file,
"onboarding-documents",
path
);
export async function uploadDocument(
    file: File,
    bucket: string,
    path: string,
): Promise<string> {
    const supabase = await createClient();

    const { data, error } = await supabase.storage.from(bucket).upload(
        path,
        file,
        {
            cacheControl: "3600",
            upsert: false,
        },
    );

    if (error) {
        console.error("Error uploading document:", error);
        throw error;
    }

    console.log(error);
    const {
        data: { publicUrl },
    } = supabase.storage.from(bucket).getPublicUrl(data.path);

    return publicUrl;
}

i seem to get this error: Error uploading document: { statusCode: '403', error: 'Unauthorized', message: 'new row violates row-level security policy' }

3 Replies

garyaustin•2mo ago

You don't show the entire policies. Where do you add the extension to the path name? You should simplify to bucket and true for the USING/WITH CHECK clauses and build up until it fails.

Lordvickthor•2mo ago

I can help fix your Supabase RLS issue causing the 403 Unauthorized error. It likely comes from the INSERT policy not matching the authenticated user. Are you setting owner_id from auth.uid() during the upload? @Borislav Borisov

Borislav BorisovOP•2mo ago

yes, the problem was i that i wasn't adding the extension, but i've since figured it out. thank you for the adequate response.

Gaming

Programming

Error uploading document - new row violates row-level security policy

Did you find this page helpful?