Can you use an RLS policy on the real-time messages payload?
I took the RLS policy template that says "Enable users to view their own data only"
create policy "Enable users to view their own data only" 
on "public"."posts"
to authenticated
using (
  (( SELECT auth.uid() AS uid) = userid)
);
So only the user who owns the post can see it. I tried to use it for the real-time messages' payload, so that the user only receives their own message in real time, but it's not working. I'm using realtime.send().
create policy "Enable users to view their own data only" 
on "realtime"."messages"
to authenticated
using (
  (( SELECT auth.uid() AS uid) = (payload ->> 'userid')::uuid)
);
I could use the postgres_changes version of realtime, but I'm testing out realtime.send because I'm about to use it for something else. So I'm trying to see if you can use the keys from the payload inside an RLS policy.
1 Reply
realtime.send is the recommended way to go over postgres_changes now.
It is done on a channel basis though, not each insert into the table. So your policy needs to have a channel per user, and realtime.send has to send to that user's channel.
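The per-user channel setup described in the reply, as an added example that is not part of the original thread: the policy matches on the channel topic instead of a payload key, and a trigger sends each new post to its owner's topic. The topic format `user:<uuid>`, the event name `post_created`, and the function, trigger and policy names are assumptions; `public.posts` and `userid` come from the question.

```sql
-- Added example (not from the thread). Assumed convention: one private
-- topic per user, named 'user:<auth uid>'.

-- Authorization is decided per channel, so the policy compares the topic
-- being joined with the caller's uid rather than reading payload keys.
create policy "Users receive broadcasts on their own topic only"
on "realtime"."messages"
for select
to authenticated
using (
  realtime.messages.extension = 'broadcast'
  and realtime.topic() = 'user:' || (select auth.uid())::text
);

-- Hypothetical trigger function: sends each inserted post to the owner's
-- topic. security definer lets it write to realtime.messages regardless
-- of the role that performed the insert on public.posts.
create or replace function public.broadcast_post_to_owner()
returns trigger
language plpgsql
security definer
set search_path = ''
as $$
begin
  perform realtime.send(
    to_jsonb(new),                 -- payload: the inserted row
    'post_created',                -- event name (assumed)
    'user:' || new.userid::text,   -- topic: the owner's channel
    true                           -- private: subscribers must pass RLS
  );
  return new;
end;
$$;

create trigger posts_broadcast_to_owner
after insert on public.posts
for each row execute function public.broadcast_post_to_owner();

-- Client side: subscribe to 'user:<own uid>' with the channel option
-- config: { private: true } so the join is checked against the policy.
```

With the private flag set to false in realtime.send, or a client that joins the topic as a public channel, the policy above is not consulted, so both sides need to use the private setting.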