Supabase is an open source Firebase alternative. Start your project with a Postgres database, Authentication, instant APIs, Edge Functions, Realtime subscriptions, and Storage.

Supabase

Hi

I need help with row level security. I am struggling to get it working. 
I have a table called `lists` with a `user_id` column. I keep trying to add a rule for `auth.uid() = user_id`, it adds successfully. However, it doesn't work. The first thing that looks funny is that on the policies view it shows as "ALL Users can only see their own lists `(uid() = user_id)`" with `uid()` on its own instead of `auth.uid()`. Furthermore when I then try to access rows it returns nothing.

Hello <@584362802911641611>!
This thread has been automatically created from your message in <#843999948717555735> a ``few seconds ago``.

Pinging <@&951828363943759883> so that they see this as well!

**Want to unsubscribe from this thread?**
Right-click the thread in Discord (or use the ... menu) and select **Leave Thread** to unsubscribe from future updates.

**Want to change the title?**
Use the `/title` command!

**We have solved your problem?**
Click the button below to archive it.

is user_id type uuid?  The policy editor does only show uid() even if you used auth.uid() which is not helpful.  
Try changing your policy to auth.role() = 'anon' and see if that works, if it does you don't have a signed in user, even though you think you do.

yes `user_id` is type `uuid` and has a foreign key relationship to `auth.users.id`

if I access `supabase.auth.user()` in my frontend code I get a user. could it still be that I'm anon?

so changing the Policy to `auth.role() = 'anon' ` gets me back to seeing all results

or if I change it to `id = 2` or something similar it also does what I'd expect

if I run this in the sql editor it works too 
`select * from lists where user_id = (select id from users offset 1 limit 1)`

maybe as a general question. How do I debug RLS Policies? Or how do I debug whether my request is actually logged in?

OK you were right. I'm using NextJS. When I request the data in `getServerSideProps`, I'm not logged in

major banana peel. I'm finding the `magic` that the supabase package provides a little confusing

My next qeustion was going to be server side stuff?

Many people are going to auth-helpers https://github.com/supabase-community/supabase-auth-helpers for serverside stuff.  But it still has a few issues too.   Seems balancing authentication between the server and the client is difficult.

i suppose it's a weird "no man's land" between NextJS and supabase, but I thought it would have "just worked"

trawling through auth-helpers now, thanks

I watched https://www.learnwithjason.dev/build-an-app-with-supabase-and-nextjs

but they're sneaky in that. The policy they implement there is that anon users can only see unpublished posts. They don't actually implement "users can only see their own {x}" type policies

I'm of no help on server side stuff as I'm doing a static PWA app.  If you have more questions along that line you should start a new thread to get eyes on it.