Hey everyone I m trying to build an RLS policy that checks i Supabase #sql

Hey everyone, I'm trying to build an RLS policy th...

jaitaiwan

05/18/2022, 11:49 PM

Hey everyone, I'm trying to build an RLS policy that checks if a text[] contains a particular value. The text[] is returned from a function and that function grabs it's value from a table:

Copy code

create or replace function public.user_orgs() returns uuid[] as $$
  select array_agg(org_id) from users_orgs where user_id = auth.uid() limit 1;
$$ language sql stable;

And the RLS policy has a

WITH CHECK

that I'm trying to make work like this:

Copy code

"admin" in (select roles from users_orgs where user_id = auth.uid() and org_id = orgs.id)

If I use admin in

quotes it interprets it as a column name and if I use

quotes it has a malformed array error.

tourdownunder

05/18/2022, 11:56 PM

single quotes is better though you just have more then 1 issue.

tourdownunder

05/19/2022, 12:00 AM

user_orgs

returns type

uuid[]

how are you magically naming it

roles

when you do call the function / rpc

users_orgs.roles

jaitaiwan

05/19/2022, 12:06 AM

@tourdownunder In the RLS WITH CHECK that I posted I'm not using the function to try to reduce the number of things that is going wrong. Note that there's a table named

users_orgs

and the function is

user_orgs

so that might be where there's some confusion. The

roles

column in

users_orgs

text[]

. Single quotes cause:

malformed array literal: "admin"

tourdownunder

05/19/2022, 12:17 AM

Okay. Is there any other arrays in your RLS policy.

jaitaiwan

05/19/2022, 12:18 AM

Not that I'm aware of?

jaitaiwan

05/19/2022, 12:18 AM

It's just interpreting

'admin'

as an array and getting upset about it I assume?

tourdownunder

05/19/2022, 12:18 AM

its text not possible

jaitaiwan

05/19/2022, 12:19 AM

Unless you're referring to the

roles

which is an array

tourdownunder

05/19/2022, 12:19 AM

whats the full policy

jaitaiwan

05/19/2022, 12:20 AM

Copy code

CREATE POLICY "Allow org modifications by admins" ON "public"."orgs"
AS PERMISSIVE FOR UPDATE
TO authenticated, service_role
USING ('admin' in (select roles from users_orgs where user_id = auth.uid() and org_id = orgs.id limit 1))

tourdownunder

05/19/2022, 12:21 AM

You should be able to add the

'admin'

to within the where statement and remove the in all together.

jaitaiwan

05/19/2022, 12:22 AM

where roles = 'admin'

you mean? and it will automagically look into the array?

tourdownunder

05/19/2022, 12:23 AM

so roles is an array ?

tourdownunder

05/19/2022, 12:23 AM

so you can't use

in

tourdownunder

05/19/2022, 12:24 AM

you need to use an array opperation

tourdownunder

05/19/2022, 12:25 AM

the docs are good for this : https://www.postgresql.org/docs/14/functions-array.html

tourdownunder

05/19/2022, 12:25 AM

though you will likely need to cast

'admin'

as an array with the only 1 element to have some success.

tourdownunder

05/19/2022, 12:27 AM

I think this is what you want here: > anyarray <@ anyarray → boolean > > Is the first array contained by the second? > > ARRAY[2,2,7] <@ ARRAY[1,7,4,2,6] → t

jaitaiwan

05/19/2022, 12:27 AM

Awesome, I don't know how I missed this thanks

Previous Next