https://supabase.com/ logo
Join Discord
Powered by
yes sorry
# sql
a
yes sorry
yes sorry
I think maybe the issue is when I'm making the query it isn't sending the userid to check in the RLS. It's checking if userid is equal to the column in the table which explains why it works without RLS
but with RLS maybe the policy is correct but it's just recieving null so it doesn't work
r
since there is no await on the supabase.auth.user() call then the supabase client can't send the right userid because it doesn't have it?
a
found this code online which is essentially what I have
I might try adding await to that and see but because it works without RLS I dont think thats it
nope that wasn't it
r
was worth a shot 🙂
b
I’m not familiar with flutter but once you get your rls working you don’t need to send any parameters. You can just do 
.delete()
and it’ll only delete records that match the rls.
a
hmm thats really odd that it isn't working once it's enabled then
b
So no need to send 
.eq()
a
I think in flutter eq is checking the actual column value
I have 7 rows with that value and I only want to delete them
b
Rls policies effectively just get added to the 
where
clause.
r
so you can do both (eq and RLS) if you want to be more specific than RLS alone?
b
The 
eq
is redundant
Doesn’t hurt but doesn’t do anything.
a
without the eq how would it know which rows to delete?
I'll try removing it and see
I get this response when RLS is disabled
eq is required I think unless thats just because I had the RLS disabled
it wiped the whole table
b
Effectively PostgreSQL is running `where field = ‘x’ AND where field = ‘x’
r
I see what you are saying. EQ could be used to check some other column and then RLS would come behind and also check that userid matches (or whatever policy has been set). Does that sound right?
h
Oof
b
RLS policies automatically add the RLS expression to the WHERE clause of the statement being run.
Yes that sounds right.
h
I mean that's not how it works but yea
a
Alright so I removed the eq and enabled RLS and it still has the same issue
but without the eq it wipes all user data in the table
b
What does your RLS clause look like?
h
RLS is just to check whether to allow that query to be run if RLS is truthy, the query is run RLS won't affect the query
r
do all the rows in the table match the policy you have defined?
a
this is my table. Not the best way of doing things probably
this is the RLS policy
h
Ah then nvm
Lmao
a
the userid is a foreign key
so its a one to many relationship I from the profile table I believe
b
Did you try 
auth.uid()
?
Not sure if that is necessary though
h
Auth.uid() will get converted to uid()
a
auth.uid did the same thing
h
Anyway
a
this is so confusing hahaha
like all the other policies work and they have the same check in them
r
Without RLS and with the eq do all the rows get deleted too?
a
no, only the 7 I want deleted that belong to the user
b
Do you have any triggers on that table?
a
I haven't setup any triggers I know of
h
So the problem is that the delete query deleted rows where the RLS shud have failed?
a
Yes from my understanding. By removing the eq it is just told to delete all rows in that table
with RLS it did nothing without it deleted it all
with the eq it only deletes what I want
h
No but then the RLS expression shudnt let it
a
with it disabled it did
with it enabled it did nothing
h
Oh u disabled RLS?
Lmao
a
but thats the issue with eq too
yeah haha I tried both
b
So effectively your RLS is always returning FALSE
a
yeah it seems
I always get a blank return of []
with RLS disabled I get an actual return of the data being deleted
h
RLS will return false because u have rows that don't pass the expression right? Try turning rls on and then use eq to make sure the row will be true in rls
b
Your table name is userworkouts_duplicate?
a
I duplicated the table
I'm running it on the duplicate so I don't delete my actual user data accidently
I setup the policy for the duplicate
b
And you’re referencing that table from your client application?
a
yup
I tested it on the duplicate without RLS and it works fine
b
Just making sure you’re not missing anything small
a
I dont think thats the issue because it works with update, insert and access
its only delete that has the issue
h
But just try
Using eq and rls works?
a
With RLS on and the policy and using eq it does nothing
When I use RLS it just stops working only for delete, everything else works
h
Wait
What operations have u selected in the RLS policy?
a
on the duplicate I have this
is there more to do for delete?
h
Can u click edit and show?
a
when I click edit I only get this
I used the template for delete
h
Okay so
Try adding select operation to this policy and check with rls on and eq operator
b
Do you know who the owner of the table is?
a
I'm the owner of the table
h
Check deleting not selecting*
a
just trying to workout how to do it haha
b
Those two screen shots say 
user_id
and 
userid
a
the seconds the template
the first is my one
my column is userid
b
Just checking field names
a
think I just fixed it
b
In that link I sent I just read “ (However, the table's owner is typically not subject to row security policies.) “
What was it?
h
How
a
When doing the policy I used all. Since I'm using userid to update,insert,delete and access
h
I think select is required
That's why I told
For delete
a
If I wasn't to do it through all how would I go about doing that?
it doesn't seem to give the option to do select and delete
h
Yeah I think u shud create it twice
Try? Just with select and delete
a
yep thats it
you need both policies
h
Neat
b
A select policy must be passed when updating or deleting data unless you pass returning: minimal as a parameter.
r
Nice!
b
I ran into this when I wanted an RLS that only allows users to INSERT (for logging data)
My code kept failing until I added an RLS for SELECT.
h
Bro is real-time rls coming? I don't mean soon but will it happen?
b
Then I read that after updating and deleting data, Postgrest returns the data back so you can confirm it.
So I added the 
returning
parameter and it works without the SELECT policy.
h
Ohh
b
We are aware of RLS Realtime issue but I don’t know when it’s coming. I would expect it soon though because this comes up a lot but I’m not on that team so I can’t say when.
It’s a priority though
h
Aight can't wait!
And functions as well
It wud be more complete with them
Btw where does supabase store it's images?
b
What are your main use cases for functions? I’m doing almost everything with PostgreSQL functions and it’s working great so far.
h
I mean files in storage
b
AWS buckets
We’ve exhausted this thread 🙂
h
Uhh just some api calls I think it shud work fine with postgres but it wud be nice to have functions so that I can use libraries
Or maybe I can just them in postgres as well
b
I use libraries wirh my SupaScript library
h
Then why Supabase functions? 😂
Let's just talk in general
PreviousNext
Powered by