https://supabase.com/ logo
Join Discord
Powered by
hey guys, question not sure why but if i have RLS...
# help
a
hey guys, question not sure why but if i have RLS on and i fetch data from svelte endpoint its only working if RLS is off however if i fetch the data from my store, it works, Im not sure if my authentication is the issue that is causing it
n
Hello @Ape R Us! This thread has been automatically created from your message in #843999948717555735 a ``few seconds ago``. Pinging @User so that they see this as well! Want to unsubscribe from this thread? Right-click the thread in Discord (or use the ... menu) and select Leave Thread to unsubscribe from future updates. Want to change the title? Use the 
/title
command! We have solved your problem? Click the button below to archive it.
f
Can u share the fetch part of code ?
n
Ape R Us (2022-04-10)
a
sure
if my endpoint
Copy code
import supabase from '$lib/db';

export const get = async () => {
    try {
        const { data: events, error } = await supabase.from('event').select('*');

        if (error) throw error;

        return {
            body: {
                events
            }
        };
    } catch (e) {
        console.log({ e });
    }
};
and i call it like this
Copy code
{#if events}
    {#each events as profile}
        <div class="flex space-x-10 ">
            <div>{profile.name}</div>
            <div>{profile.is_draft}</div>
            <div>{profile.organiser}</div>
            <div>{profile.user_id}</div>
        </div>
    {/each}
{/if}
that only works if rsl is off
this works with rsl if im using the store
Copy code
export const eventStore = (() => {
    const { subscribe, update, set } = writable({
        allTask: []
    });

    return {
        subscribe,
        update,
        set,

        get: async () => {
            try {
                let { data, error } = await supabase.from('event').select('*');

                update((state) => {
                    state.allTask = data;
                    return state;
                });

                // update((state) => (state = { ...state, allTask: data })); //this is another way of writing it
                if (error) throw error;
            } catch (e) {
                console.log(e.message);
            } finally {
                console.log('hey');
            }
        }
    };
})();
and i call it like this
Copy code
{#await eventStore.get() then re}
    {#each $eventStore.allTask as event}
        <div class="mt-10">{event.name}</div>
    {/each}
{/await}
the authstate has a flicker of undefined and then it registers the user so im not sure if that has something to play with it
Copy code
export const user = readable(null, (set) => {
    set(supabase.auth.user());
    const unsubscribe = supabase.auth.onAuthStateChange((_, session) => {
        session ? set(session.user) : set(null);
    });
    return () => {
        unsubscribe.data.unsubscribe();
    };
});
g
An easy check is to have RLS on and set policy to role()="anon" if that works, then you don't have a valid user token when you do the select. But that is very likely your case based on your last comment 'flicker' of undefined user.
a
yea i think the issue is that i need to have a cookie to store the log in state i think. not sure
is there a demo of how to properly use the setauth for supabase and svelte?
g
svelte, or svelte-kit? Either way there is a variety of stuff out there, but the server side stuff mainly seems to be going on here: https://github.com/supabase-community/supabase-auth-helpers which at the moment will only give you hints from other frameworks. On github supabase discussions you might search, I've seen several discussion there. Otherwise, I'm not much help as I use Svelte-Kit, but static only, so don't mess with serverside stuff.
a
sveltekit
man, i just tryna fix this cookie problem for like 2 weeks now
idk how their isnt a clear way to do this yet 😦
g
silentworks is working on adding sveltekit there, but lots of stuff in github discussion and he has a repository already somewhere he has linked several times.
a
so going to go through it, btw one last question
how should something like this be solved im creating a website like eventbrite the published events on the homepage, should be seen by everyone but only the auth user who created the event should be able to access the backend to see the event and update it accordingly im thinking for read access isPublished = true would mean that everyone would be able to see it and for update auth.uid() = user_id but then if anyone goes to the backend with the url for the specific link, they would be able to access it not so? access it, meaning would be able to see the data
g
Sort of unclear what you are asking, but there will be a way. If you mean the author needs to see unpublished ones, then your policy would have an or for isPublished or uid()=user_id.
a
nevermind, as i said it out loud i realised it
thanks for all the help
PreviousNext
Powered by