https://supabase.com/ logo
Join Discord
Powered by
Nooby RLS question
# sql
a
Nooby RLS question
So I'm trying this: I have a table flats (for shared flats) and users that can create or join flats. Once I created my flat, a shortcode is generated which I send to my flatmates. They then enter the shortcode and get assigned to the flat. So I need a policy that 1. allows users to only select their own flats 2. allows users that are not in a flat select a flat by its shortcode any suggestions?
Can I access the where clause of the request inside a policy? For example: 
supabase.from("flats").select("id").eq("shortcode, "my_shortcode")
returns only the row that has the specific shortcode?
s
Sure you can run queries inside of your RLS policies
a
I know, what I‘m trying is to access the shortcode from the .eq function inside the policy.
s
That’s literally translates to a 
WHERE
clause, you can only run SQL inside of a RLS policy
a
I think I need to clarify (I leave out unrelevant columns): I have a table 
profiles(PK id, FK flat_id)
and a table 
flats(PK id, shortcode)
. Every user can live in a flat. So user "A" is in a flat and wants to invite "B" to join. 
flat.shortcode
is a random x-letter code. So A sends B the shortcode, which is then entered into the app. Now the problem is: My RLS policy for selecting flats allows users to only see the flat assigned to their profile like this: 
(id = ( SELECT profiles.flat_id FROM profiles WHERE (profiles.id = uid())))
. That's why the query of B returns no rows.
I want to update the policy to: If profiles flat_id is set, return only this one. If not, return only the one with the given shortcode.
s
You can use an OR in the WHERE part of your query
PreviousNext
Powered by