https://supabase.com/ logo
Join Discord
Powered by
I created a policy for my "profiles" table so that...
# help
s
I created a policy for my "profiles" table so that users only can create a new row if they are logged in. But when I actually try to insert data after sign up (email confirmation disabled) I still get RLS violation error. Any hints?
This is how I insert:
Copy code
const resProfile = await supabase.from("profiles").insert({
                "first_name": dto.firstName,
                "last_name": dto.lastName
            })
g
You also have to have a Select USING RLS as Supabase does a select on insert by default, or tell it not to do the select part with returning set to minimal
s
@User These are the policies I have for the table:
Still getting an error though.
g
You need to insert a uid if you are checking for uid on select.
s
Not sure I understand by inserting an uid. Don't all users have an uid?
g
you are checking the column user_id against the logged in users uid in the select, but you don't set it in your insert. Are you meaning to do an update?
s
argh okay. So like this:
Copy code
(
  (role() = 'authenticated':: text)
  AND (uid() = user_id)
)
g
No. When you actually do the insert you need to include the user_id column and uid in your api call, other wise it is not set in the database row and the select will fail.
In your insert RLS if you check uid then you don't need to check authenticated as only authenticated users have a uid.
s
Thanks. I get it now 😄 I was just trying to follow the guides but ended up lost. It works now 😛
z
oh I did not know this, thanks!
PreviousNext
Powered by