S
Supabase1h ago
tele

Supabase table editor internal errors after AI assistant security invoker revert on a view

I made some changes with the supabase AI assistant, and tl;dr is that my users table is working but in the table editor, completely malfunctional. I have a users table, with a public view for the non-private detail that needs to be visible to anon users. I created this view with the following SQL provided below: This was my first time using a view instead of just tables, and after running this, there was a button which prompted me to enable the security invoker, an autofix. I clicked this, which broke most of my code, so I asked the supabase AI assistant to revert it, which it 'succesfully did'. However, this makes the users table page inoperable. 
-- This view shows EVERY ad separately (one row per ad)
CREATE OR REPLACE VIEW public_tutor_ads AS
SELECT 
  -- Ad information
  a.ad_id,
  a.hourly_rate,
  a.description,
  a.title,
  a.first_30_min_free,
  a.search_tags,
  a.academic_levels,
  a.created_at as ad_created_at,
  
  -- Tutor information (excluding sensitive fields)
  t.tutor_id,
  t.user_id,
  t.total_class_hours_given,
  t.average_review_score,
  t.total_review_count,
  t.about_me,
  t.video_url,
  t.diploma_url,
  t.id_verified,
  t.diploma_verified,
  t.created_at as tutor_joined_date,
  
  -- Safe user fields (NO email, NO sensitive PII)
  u.first_name,
  u.last_name,
  u.gender,
  u.languages,
  u.avatar_image_url,
  u.country,
  u.created_at as user_created_at
  
FROM ads a
INNER JOIN tutors t ON a.created_by_tutor_id = t.tutor_id
INNER JOIN users u ON t.user_id = u.user_id
WHERE a.is_enabled = true;

-- 3. Grant public access to the view ONLY
GRANT SELECT ON public_tutor_ads TO anon;
GRANT SELECT ON public_tutor_ads TO authenticated;

-- 4. Add helpful comment
COMMENT ON VIEW public_tutor_ads IS 
  'Public view of tutor ads with only safe, non-sensitive information. Each row represents one ad. Excludes email, r2_id_key, and total_cash_earned.';

-- 5. Verify the view works
-- Run this to test:
SELECT * FROM public_tutor_ads LIMIT 5;
-- This view shows EVERY ad separately (one row per ad)
CREATE OR REPLACE VIEW public_tutor_ads AS
SELECT 
  -- Ad information
  a.ad_id,
  a.hourly_rate,
  a.description,
  a.title,
  a.first_30_min_free,
  a.search_tags,
  a.academic_levels,
  a.created_at as ad_created_at,
  
  -- Tutor information (excluding sensitive fields)
  t.tutor_id,
  t.user_id,
  t.total_class_hours_given,
  t.average_review_score,
  t.total_review_count,
  t.about_me,
  t.video_url,
  t.diploma_url,
  t.id_verified,
  t.diploma_verified,
  t.created_at as tutor_joined_date,
  
  -- Safe user fields (NO email, NO sensitive PII)
  u.first_name,
  u.last_name,
  u.gender,
  u.languages,
  u.avatar_image_url,
  u.country,
  u.created_at as user_created_at
  
FROM ads a
INNER JOIN tutors t ON a.created_by_tutor_id = t.tutor_id
INNER JOIN users u ON t.user_id = u.user_id
WHERE a.is_enabled = true;

-- 3. Grant public access to the view ONLY
GRANT SELECT ON public_tutor_ads TO anon;
GRANT SELECT ON public_tutor_ads TO authenticated;

-- 4. Add helpful comment
COMMENT ON VIEW public_tutor_ads IS 
  'Public view of tutor ads with only safe, non-sensitive information. Each row represents one ad. Excludes email, r2_id_key, and total_cash_earned.';

-- 5. Verify the view works
-- Run this to test:
SELECT * FROM public_tutor_ads LIMIT 5;
1 Reply
tele
teleOP1h ago
The browser console of the supabase page itself: main-34abffbb28aa5c54.js?dpl=dpl_2jUL7iXF73zCBuCQUkNePzVNKcUJ:18 [Warning] Please install/enable Redux devtools extension (anonymous) @ main-34abffbb28aa5c54.js?dpl=dpl_2jUL7iXF73zCBuCQUkNePzVNKcUJ:18 main-34abffbb28aa5c54.js?dpl=dpl_2jUL7iXF73zCBuCQUkNePzVNKcUJ:18 Supabase Studio is running commit 977b867bef6819077c7c306f3d4c07ac0557d9ab deployed at 2025-10-25 14:17:19 +02:00. main-34abffbb28aa5c54.js?dpl=dpl_2jUL7iXF73zCBuCQUkNePzVNKcUJ:18 ConfigCat - WARN - [3003] Cannot evaluate condition (User.Email IS ONE OF [<1 hashed value>]) for setting 'enablePgReplicate' (the User.Email attribute is missing). You should set the User.Email attribute in order to make targeting work properly. Read more: https://configcat.com/docs/advanced/user-object/ (anonymous) @ main-34abffbb28aa5c54.js?dpl=dpl_2jUL7iXF73zCBuCQUkNePzVNKcUJ:18 main-34abffbb28aa5c54.js?dpl=dpl_2jUL7iXF73zCBuCQUkNePzVNKcUJ:18 ConfigCat - WARN - [3003] Cannot evaluate condition (User.Email IS ONE OF [<1 hashed value>]) for setting 'enablePgReplicate' (the User.Email attribute is missing). You should set the User.Email attribute in order to make targeting work properly. Read more: https://configcat.com/docs/advanced/user-object/ (anonymous) @ main-34abffbb28aa5c54.js?dpl=dpl_2jUL7iXF73zCBuCQUkNePzVNKcUJ:18 With the following error: api.supabase.com/platform/pg-meta/isxxnbpuoziuipryikkk/policies?included_schemas=&excluded_schemas=:1 Failed to load resource: the server responded with a status of 500 () After 15-30 seconds, it shows this timeout error: 22837?schema=public&sort=created_at%3Adesc&sort=updated_at%3Aasc:1 Access to fetch at 'https://api.supabase.com/platform/pg-meta/isxxnbpuoziuipryikkk/query?key=table-rows-count-22837' from origin 'https://supabase.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. main-34abffbb28aa5c54.js?dpl=dpl_2jUL7iXF73zCBuCQUkNePzVNKcUJ:18 POST https://api.supabase.com/platform/pg-meta/isxxnbpuoziuipryikkk/query?key=table-rows-count-22837 net::ERR_FAILED 504 (Gateway Timeout) (anonymous) @ main-34abffbb28aa5c54.js?dpl=dpl_2jUL7iXF73zCBuCQUkNePzVNKcUJ:18 ... Detail explanation of reproducing errors: 1. Navigate to table editor of users table of project isxxnbpuoziuipryikkk 2. Try sorting any columns --> it won't do anything Notable info: This seems to only be happening sometimes, and it's not clear when User account attached to Github: LouisVanh / email: vanhovelouis123@gmail.com

Did you find this page helpful?