https://supabase.com/ logo
#help
Title
# help
j

Jenaro Calvino

06/10/2022, 11:03 PM
Hey everyone, I'm the worst at SQL and I'm trying to create a RLS policy as follows: Plan ---- id, isPublic, ... PlansOnUsers ---- planId, userId Grant access to Plans only when plan isPublic = true or when user is accessing a plan with their own userId, does that make any sense? Is it possible?
n

Needle

06/10/2022, 11:03 PM
Hello @Jenaro Calvino! This thread has been automatically created from your message in #843999948717555735 a few seconds ago. We have already mentioned the @User so that they can see your message and help you as soon as possible! Want to unsubscribe from this thread? Right-click the thread in Discord (or use the ``...`` menu) and select "Leave Thread" to unsubscribe from future updates. Want to change the title? Use the ``/title`` command! We have solved your problem? Click the button below to archive it.
g

garyaustin

06/10/2022, 11:16 PM
Not tested, but probably something like (mainly copied from : https://supabase.com/docs/guides/auth/row-level-security#policies-with-joins)
Copy code
select using (
    is_public = true OR auth.uid() in (
      select user_id from plans_on_users
      where plan_id = id
    )
)
If you are really using capital letters then all the names in double quotes like "isPublic". Unless you are being forced to by something like Prisma, it is a bad idea to use caps in Postgres.
j

Jenaro Calvino

06/10/2022, 11:17 PM
Thanks! I'll try this out, yeah exactly, all the caps are because of prisma 😓
where is the "id" field coming from? Is there access to anything in the row level there? Sorry, REAL noob here haha
g

garyaustin

06/10/2022, 11:24 PM
id is from your Plan table which your RLS is on correct? If you have id in PlansOnUsers then might have to do "Plan".id or some such when caps are involved...
j

Jenaro Calvino

06/10/2022, 11:42 PM
Yeah it worked! I just didn't realize you could access the fields of the row in the where clause like that