It s weird that a user cannot INSERT a new record if it does Supabase #help

It's weird that a user cannot INSERT a new record ...

carlomigueldy.eth

08/03/2021, 7:40 AM

It's weird that a user cannot INSERT a new record if it does not satisfy my SELECT policy! I don't know what went wrong, need someone to check it out if you've been working with policies a lot

Copy code

sql
ALTER TABLE conversations ENABLE ROW LEVEL SECURITY;

DROP POLICY IF EXISTS "Allow read access only to involved participants" ON public.conversations;

CREATE POLICY "Allow read access only to involved participants" 
ON public.conversations 
FOR SELECT USING ( 
  auth.uid() IN (
    SELECT user_id 
    FROM conversation_participants 
    WHERE conversation_id = id
  ) 
);

DROP POLICY IF EXISTS "Allow create access to conversations" ON public.conversations;

CREATE POLICY "Allow create access to conversations"
ON public.conversations
FOR INSERT WITH CHECK ( true );

DROP POLICY IF EXISTS "Allow update access to conversations" ON public.conversations;

CREATE POLICY "Allow update access to conversations"
ON public.conversations
FOR UPDATE WITH CHECK ( true );

DROP POLICY IF EXISTS "Allow delete access to conversations" ON public.conversations;

CREATE POLICY "Allow delete access to conversations"
ON public.conversations
FOR DELETE USING ( true );

silentworks

08/03/2021, 9:11 AM

Can you run just this query inside of the SQL editor and make sure the results are correct first

Copy code

sql
SELECT user_id 
    FROM conversation_participants 
    WHERE conversation_id = id

carlomigueldy.eth

08/03/2021, 9:23 AM

Ok I am going to try that @User

carlomigueldy.eth

08/03/2021, 9:40 AM

Yes it works @User It returns results. So basically it evaluates to true...

silentworks

08/03/2021, 9:41 AM

So your policies above should be working unless there is a delay in when a new participant is added to when the select policy get read

carlomigueldy.eth

08/03/2021, 9:42 AM

Oh wow.. Hmmm

silentworks

08/03/2021, 9:42 AM

That shouldn't happen, but thats the only logic reason I can think of

carlomigueldy.eth

08/03/2021, 9:43 AM

In my query, I create a record for a conversation, then right after it I will create records for conversation_participants But it's always failing when I attempt to create a new record for a conversation with that policy

carlomigueldy.eth

08/03/2021, 9:43 AM

It's pretty strange

silentworks

08/03/2021, 9:44 AM

I just read this in the docs and think you should try it

Copy code

By default, every time you run insert(), the client library will make a select to return the full record. This is convenient, but it can also cause problems if your Policies are not configured to allow the select operation. If you are using Row Level Security and you are encountering problems, try setting the returning param to minimal.

carlomigueldy.eth

08/03/2021, 9:45 AM

Good find! Thanks for looking for this man I might have to think of another solution or policy

Previous Next