# help
a
I'm completely stuck :/ I've written a helper function called `is_admin()` which checks a table where I've stored user ids and roles. All it does is pretty much `return exists(select * from user_role where "user" = auth.uid() and role = 'admin')`. In Flutter, I tested this and it gives me a true value :). Now, I wanted to apply this to row level policies. It's simple: if someone wants to edit a specific table, `is_admin()` just needs to return true; however, my requests get rejected all the time. Why?
g
Does user_role have rls on it for select?
n
Albert [toxcis] (2022-05-07)
a
no it does not
g
rls is off?
a
It's off
The function is executed as `security invoker`
if flutter returns true, so should a row level policy right?
g
You mean you call it with rpc from flutter? Can you show your function?
a
Sure
```sql
create or replace function is_admin() returns boolean as $$
begin
  if exists(select * from user_role where "user" = auth.uid() and role = 'admin') then return true;
  else return false;
  end if;
end
$$ language plpgsql security invoker;
```
I call this in flutter using
```dart
var x = (await Supabase.instance.client
    .rpc('is_admin')
    .select()
    .execute());
print(x.data);
```
which prints
true
g
I agree then that user_role is accessible and should be also for a select call in a policy. What is your policy?
a
I have 2 policies in place for insertion and deletion
g
does it work for select if you try it?
a
I've never tried since I only query from it through functions
I'll try it now
Thanks for your time and effort 🙂
g
insert needs select unless you set a flag
I'm thinking on delete you will need select too if you use a filter.
a
Select does work with is_admin()
thanks, I'll try that
aha! You're right
Thanks a lot 🙏