https://supabase.com/ logo
Join Discord
Powered by
haven't used it myself, but I should be able to he...
# sql
p
haven't used it myself, but I should be able to help you with it 😅 Do let me know if you get stuck
j
Copy code
create policy "A test"
  on companies
  for all using (
    auth.uid() in (
      select user_id from connections
      where company_id = id
    )
  );
would have hoped that this sholud work, but no luck :/
My companies table has a id column, and that id column is referenced in the connections table with the name company_id
p
This looks fine to me for select, update and delete. However, for insert this shouldn't work, since when a user is trying to create a new company, there is no entry for that company in the connections table
Are you facing issues with the select, update & delete queries as well?
can you try the following?
Copy code
sql

create policy "Anyone can create a company" on companies for insert with check (true);

create policy "Users can view companies they are connected to" on companies for select using (exists (select 1 from connections where user_id=auth.uid() and company_id=id))

create policy "Users can update companies they are connected to" on companies for update with check (exists (select 1 from connections where user_id=auth.uid() and company_id=id))

create policy "Users can delete companies they are connected to" on companies for delete using (exists (select 1 from connections where user_id=auth.uid() and company_id=id))
j
I got this one to work last night, didn't try to insert thou, but that wouldn't be a problem in my case, since I use a protected API route in my NextJS application that does all the insert, and that route is using the anon key.
Copy code
(
  uid() IN (
    SELECT
      connections.user_id
    FROM
      connections
    WHERE
      (connections.company_id = companies.id)
  )
)
A question: wouldn't this policy enable everyone to insert to the companies table? Even unauthorized users?
Copy code
create policy "Anyone can create a company" on companies for insert with check (true);
PreviousNext
Powered by