Slack clone example allows everyone having +admin ...
# off-topicg
gleki
01/06/2022, 3:29 PMSlack clone example allows everyone having +admin email address to get control over the app, right? Any plans on fixing that?
k
ktosiek
01/06/2022, 3:39 PMI think that's by design, see https://github.com/supabase/supabase/tree/master/examples/nextjs-slack-clone#role-based-access-control-rbac
ktosiek
01/06/2022, 3:39 PM(it should be +supaadmin, so if it's +admin then yeah - it's a bug)
g
gleki
01/06/2022, 4:18 PMWell ye i meant supaadmin but nevertheless the boilerplate is not immediately usable
s
Scott P
01/06/2022, 4:26 PMClones of apps should always be considered a starting point or proof of concept. They're rarely intended to be deployed immediately without some changes.
j
jonny
01/06/2022, 8:10 PMI think this example app was intended to show what you can do with postgres functions to easily handle signups.
public.handle_new_user() is a great starting point but perhaps it shouldn't be part of the default schema to start with, and maybe something that you can add later as a more advanced step in setting up your supabase project.
g
gleki
01/07/2022, 11:00 AMMaybe improve the clone to limit emails to a certain domain? Or instead add endpoints for adding roles manually instead of plus-email addresses system