# help

joshcowan25

05/20/2022, 3:00 AM
With Row Level Security (RLS), how would I define that you can only insert content if you have the role level of 42, for example? I have a user table in my public schema and I have the user id + the role level. Would it work if I did something like auth.id() = user.id AND user.role = 42? Do I have to 'import the tables' or are all tables accessible from security policy?

garyaustin

05/20/2022, 3:23 AM
You can access other tables. The policy is like an extra where clause returning true or false. Just be careful of getting too complex as they can run on every row of a table.

joshcowan25

05/20/2022, 3:40 AM
I don't get why it doesn't work: EXISTS (SELECT 1 FROM users WHERE auth.uid() = users.id AND users.role = 42);. Any clue?

garyaustin

05/20/2022, 3:43 AM
Is the role also in the same table you are protecting?

joshcowan25

05/20/2022, 3:44 AM
No, I'm trying to secure a storage bucket

garyaustin

05/20/2022, 3:46 AM
Try putting schemas in front of users for public or auth. Is role an int and not an array?

joshcowan25

05/20/2022, 3:48 AM
I just tried that, but still not working. Role is an int2
And I tried changing 42 to '42'::smallint

garyaustin

05/20/2022, 3:51 AM
Is there RLS on the users table? You are testing with a Select on storage it looks like.

joshcowan25

05/20/2022, 3:53 AM
Euhm, no, I don't have RLS enabled for now on users

garyaustin

05/20/2022, 3:56 AM
Does it work with just uid or role part separately?

joshcowan25

05/20/2022, 3:59 AM
No difference 😦

garyaustin

05/20/2022, 4:01 AM
OK, just use auth.role()='authenticated' alone as the policy. Then if that does not work, auth.role() = 'anon'

joshcowan25

05/20/2022, 4:07 AM
Authenticated didn't work, but anon did...

garyaustin

05/20/2022, 4:07 AM
So you don't have a user signed in or its jwt token being set when you make the storage call.

joshcowan25

05/20/2022, 4:09 AM
Just console.log my session.user and I'm authenticated. What do you mean by "jwt token being set when you make the storage call"?

garyaustin

05/20/2022, 4:12 AM
You need to check the user right before your storage call. Client code normally sets the jwt and keeps it refreshed. If you were calling from serverside code you have to set up the token.

joshcowan25

05/20/2022, 4:15 AM
Aaaaah! I just tried to console.log(supabase.auth.session) and it returns null when I call my serverside function. How do I set the token with supabase.js?

garyaustin

05/20/2022, 4:19 AM
Serverside stuff is something I don't use. It will vary also depending on your framework. There are some tutorials. There is this effort for a few frameworks: https://github.com/supabase-community/supabase-auth-helpers , or search here or GitHub. You could also ask a question with your framework and what you have tried, or are stuck on. In general you have to pass session, cookies or the jwt to your serverside code and then use https://supabase.com/docs/reference/javascript/auth-setauth , but that probably simplifies it a bit.

joshcowan25

05/20/2022, 4:20 AM
Alright! Thanks a lot for your wonderful help! Thank you so much!