Hello everyone 👋 I'm sorry I'm a bit stuck... I'm building something a simple version of a "youtube clone", and I'd need some help with policies. I'd like to make the video file only accessible if the related

videos

table that is linked to the file, says it's "public". More about this structure in this thread

Hello @mendo! This thread has been automatically created from your message in #843999948717555735 a few seconds ago. We have already mentioned the @User so that they can see your message and help you as soon as possible! Want to unsubscribe from this thread? Right-click the thread in Discord (or use the ``...`` menu) and select "Leave Thread" to unsubscribe from future updates. Want to change the title? Use the ``/title`` command! We have solved your problem? Click the button below to archive it.

Basically I have a bucket called "videos" and a table called "videos" The videos get uploaded to

/videos/{auth.id()}/{uuid}.mp4

And on the "videos" table, a new record get's added with

id = uuid

title = string

description = string

privacy = "public" | "private"

So under the storage policies I'd like to query the filename as the row id, and check if the video is public or not...

🆕 Policy for checking permissions for file depending on DB row

I noticed that the provided examples adds the privacy as part of the folder structure

sql
LOWER((storage.foldername(name))[1]) = 'public'

Is this the recommended way to do it?

You can add a select and check if the column privacy result = "public" as part of the RLS. You could also use a function declared with "stable" which takes your id in and returns true or false based on privacy column. You can also add public/private as part of the path as a way, but if they change then you have to move the file between paths. I think the bigger question is what you are thinking of as public? Unless you declare the bucket public you would have to issue signed urls in a normal bucket. If the bucket is public, then at least by using a uuid for the name of the file, the file is very hard to find if it is supposed to be private. There is no RLS check for a public bucket URL(path name).