Hi there, I have a react native app and have auth setup, so that a session is created when a user logs in with their phone number. I have row level security setup with the rule to allow users to do anything to their own lists. But when testing if I try to create a list I'm getting this error:

error:  {"code": "42501", "details": null, "hint": null, "message": "new row violates row-level security policy for table \"lists\""}

This isn't making much sense to me because there is definitely a session for the user and I'm even passing in the user.id from the session into the user_id field in the table.

const handleCreateList = async () => {
    try {
      setIsLoading(true);
      const { data, error } = await supabase
        .from("lists")
        .insert([
          {
            user_id: user.id,
            name: listName,
            google_place_id: selectedPlace.placeId,
            google_place_name: selectedPlace.description,
            google_place_types: JSON.stringify(selectedPlace.types),
          },
        ])
        .select();

      if (error) {
        throw error;
      }

      console.log(data[0].id);

      navigation.navigate("ListOverview", { listId: data[0].id });
    } catch (error) {
      console.log("error: ", error);
    } finally {
      setIsLoading(false);
    }
  };

Any ideas what the issue could be? I run into a similar row level security issue when trying to read data using

select

with a logged in user.

The documentation states: Fetch the user object using the access_token jwt.

const { data, error } = await supabase.auth.admin.getUserById(1)

It already seemed silly to me but.. how can we extract the uuid from the token with getServerSideProps (cookie)? https://supabase.com/docs/reference/javascript/next/auth-admin-getuserbyid#fetch-the-user-object-using-the-access_token-jwt

Hey, does anyone know how to use the CLI for a selfhosted instance? In the documentation it requires you to login with

supabase login

but I do not know how that would work on self-hosted.

Hi everyone, I'm stuck with a weird error response from supabase. I'm trying to update a row in an

addresses

table. Here is my code:

JAVASCRIPT
const address_id = '322d4783-2692-4b63-a57e-a87ca248feb4';
console.log('address_id:', address_id);

const { data: address, error } = await supabase.from('addresses').update({ is_active: false }).eq('address_id', address_id);

if (address) return { status: 204 };

console.log('error:', error);
return { status: 400 };

for what I'm getting a empty array as a response:

address_id: 322d4783-2692-4b63-a57e-a87ca248feb4
error: []

seeing this: https://github.com/supabase/postgrest-js/issues/202, I've verified twice the

address_id

exists in my table, it works well when getting or inserting the data. You'll find below my RLS policy for update (same as insert and select) Would anyone know anything about it? Can bring further information if you need it!

Hi everyone, I'm using this package here for authorization and storing some additional metadata: https://github.com/supabase-community/supabase-custom-claims The way it is set up it allows users with the

claims_admin

claim change claims. Now what I want to do is also let my service role update claims. Currently the function looks like this:

plpgsql
    BEGIN
      IF NOT is_claims_admin() THEN
          RETURN 'error: access denied';
      ELSE        
        update auth.users set raw_app_meta_data = 
          raw_app_meta_data || 
            json_build_object(claim, value)::jsonb where id = uid;
        return 'OK';
      END IF;
    END;

I want something like this but I don't know how to achieve it:

plpgsql
    BEGIN
      IF NOT is_claims_admin() OR **SERVICE_ROLE** THEN
          RETURN 'error: access denied';
      ELSE        
        update auth.users set raw_app_meta_data = 
          raw_app_meta_data || 
            json_build_object(claim, value)::jsonb where id = uid;
        return 'OK';
      END IF;
    END;

Sorry for tagging you @burggraf but you seem to be the maintainer of that package.

is there any example for this ^^^ for example is user can change profile column but cant change its own role I dnt want make a new table for it

How can i do the above?

Hi I have a follow table that has the follower id and the person being followed id. Then a post table with the owner id and the content. What would be the best way to create a feed for each user? Should I use a join on each feed load? Should I have a feed table?

Hello, I was wondering the experience of audit tools. I saw a

supa-audit

package, but I'm also curious about the widely used

pgAudit

. I noticed that

supa-audit

supports a lot of OP/sec which works for me (small # users), but I would like to know other's opinion on the matter as well. As I understand, log in pro plan lasts only 7 days so

pgAudit

might not be long-term

I did a normal

.select()

request but my list is only 1000 rows, can i change this limit?

Hello Guys, following error occurred while developing an edge function:

TypeError: Class extends value undefined is not a constructor or null
    at file:///src/main.ts:40003:33

I tracked it down to using this in my edge function:

ts
const decoder = new TextDecoder();

The script works when testing outside the supabase ecosystem. Had anyone a similar error? Thank you so much in advance. - Max

I am trying to create a storage policy for the bucket

photos

such that: - User's can only access one file:

photo-images/${uid}.jpg

with CRUD operations. I tried watching this: Here is what I have, and it won't save:

typescript
bucket_id = 'photos' and (storage.foldername(name))[1] = 'profile_photos' and (storage.filename(name))[1] = (auth.uid()::text).jpg

J

I would like to save this additional data on my public "profiles" table, in this case I am only saving the username and I was wondering how is the correct way to modify my function that triggers each time a new users signs, in, is it something like this? that is currently not working

Is there a way to suspend user-login for a limited period of time for bad behavior or violation of terms of service on our platform?

Is there any way to allow the user login with your id + password or username + password

Hi guys. This is my current function (This function will basically increment a score between users):

create function increment_kudos (giver_id uuid, receiver_id uuid, amount int)
returns void as
$$
  update "userKudos"
  set kudos = kudos + amount
  where "giverId" = giver_id AND "receiverId" = receiver_id
$$
language sql volatile;

Problem is, the row needs to exist first if it is able to increment it. Im quite new so im unsure of syntax regarding how to add this logic in

sql

. Does anyone have any tips?

How does one use NPM packages in a supabase edge function? I've scaffolded one, and it doesn't seem to follow the typical NPM project structure.

I'm getting an error on both dev and production instances of my app;

duplicate key value violates unique constraint "integration_data_pkey"

. I've made no code or database changes, should I contact support about this?

I would think this would work:

(role() = 'authenticated'::text) AND (authorId.id = uuid())

Here

authorId

is a FK to

profiles.id

. I simply want to make sure a user can't insert a post where the author is someone else. I get column "authorId" does not exist when trying to create the policy, but it does exist. It is an fk field. J

I have created a Github issue: https://github.com/supabase/supabase/issues/9020 But I'm sorta wrecked my entire database now. So would appreciate any help. I basically turned off the extension in the dashboard in an attempt to fix an issue with Supabase CLI. And now it won't turn back on.

Hey, was just looking at Supabase auth and AWS Cognito. How come supabase is able to offer so much better pricing per MAU compared to AWS? Are there any features that are missing?

Is there documentation for the possible states/events that are passed to the callback function in the subscribe-method in realtime subscriptions? I know that "SUBSCRIBED" is fired when the connection is established (although i'm not entirely sure the timing is 100% correct), but I can't find anything on other events.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at xxxxxxxxxxxxxxxxxxxxxxxxxxxxx. (Reason: CORS request did not succeed). Status code: (null).

How can I add multiple site URLs for authentication? e.g. one is localhost and the other is deployment

Hi everyone! Im facing this issue I created a table which is called "messages"

messages
  - id int8
  - body varchar(255)
  - user_id uid

my usecase is that i want to retrieve messages within users ( when signup it will create new record on users table ) but it doesn't work

supabase.from('messages').select("id, body, users (email)")

I searched google and found a solution that because default user table is private, so we need to create another table (account) to store users and create a trigger for DB, everytime when signup then insert record to account table

I want each item in my DB to have a unique shortkey associated with it so I can use it for APIs

All of my tables are in a private schema. I am writing functions in the public schema to pull data from the private schema. When I test the API with CURL this is the message I am receiving.

{"message":"permission denied for schema private","code":"42501","details":null,"hint":null}%

What is the best approach for opening up security on these functions? Do I need to setup RLS on the tables in the private schema?

has anyone tried using pgaudit instead of supa_audit?

i am trying to delete the first user from the dhasboard, however it just gives me this error when i press it

Failed to delete user: failed to delete user: update or delete on table "users" violates foreign key constraint "profiles_id_fkey" on table "profiles"

I want to search but if I don't type the full word I get no results. How can I get result without the full word?