Hi I need help with row level security. I am stru...
# help
s
Hi I need help with row level security. I am struggling to get it working. I have a table called `lists` with a `user_id` column. I keep trying to add a rule for `auth.uid() = user_id`, it adds successfully. However, it doesn't work. The first thing that looks funny is that on the policies view it shows as "ALL Users can only see their own lists `(uid() = user_id)`" with `uid()` on its own instead of `auth.uid()`. Furthermore when I then try to access rows it returns nothing.
g
is user_id type uuid? The policy editor does only show uid() even if you used auth.uid() which is not helpful. Try changing your policy to auth.role() = 'anon' and see if that works, if it does you don't have a signed in user, even though you think you do.
n
Simey (2022-04-18)
s
yes `user_id` is type `uuid` and has a foreign key relationship to `auth.users.id`
if I access `supabase.auth.user()` in my frontend code I get a user. could it still be that I'm anon?
so changing the Policy to `auth.role() = 'anon'` gets me back to seeing all results
or if I change it to `id = 2` or something similar it also does what I'd expect
what else could I be doing wrong?
if I run this in the sql editor it works too
`select * from lists where user_id = (select id from users offset 1 limit 1)`
maybe as a general question. How do I debug RLS Policies? Or how do I debug whether my request is actually logged in?
OK you were right. I'm using NextJS. When I request the data in `getServerSideProps`, I'm not logged in
major banana peel. I'm finding the *magic* that the supabase package provides a little confusing
g
My next question was going to be server side stuff?
Many people are going to auth-helpers https://github.com/supabase-community/supabase-auth-helpers for serverside stuff. But it still has a few issues too. Seems balancing authentication between the server and the client is difficult.
s
thanks
this is quite disappointing
i suppose it's a weird "no man's land" between NextJS and supabase, but I thought it would have "just worked"
this is quite a pain
trawling through auth-helpers now, thanks
but they're sneaky in that. The policy they implement there is that anon users can only see unpublished posts. They don't actually implement "users can only see their own {x}" type policies
g
I'm of no help on server side stuff as I'm doing a static PWA app. If you have more questions along that line you should start a new thread to get eyes on it.
s
Thanks. i'll try the helpers thing
the helpers worked, thank you