Description
Build integration tests that systematically verify Row Level Security policies are enforced across every table in the schema, ensuring complete coverage of the authorization layer.
Requirements and Context
- Security: Every table with sensitive data must have verified RLS enforcement
- Testing: Extend supabase/tests/rls/policy-verification.test.ts
- Documentation: Update docs/rls-audit.md with the full coverage matrix
Suggested Execution
Branch: test/issue-049-supabase-rls-full-coverage-tests
Implement Changes
- Enumerate all tables and add RLS enforcement tests for each
- Test that anonymous access is denied for all protected tables
- Test that authenticated users can only access their own rows
- Update docs/rls-audit.md with a complete per-table coverage matrix
Test and Commit
- Every protected table must have RLS enforcement tests
- Cover anonymous denial and per-user isolation
- Update the RLS audit matrix to reflect full coverage
Example Commit Message
test(rls): add integration tests for RLS enforcement across all tables
- Enumerate and test RLS for every protected table
- Test anonymous denial and per-user isolation
- Update rls-audit.md with full coverage matrix
Guidelines
- Use separate Supabase client contexts per simulated user
- Never use the service role key in RLS enforcement tests
- Keep the coverage matrix in sync with the migration files
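One way to keep the coverage matrix in sync with the migration files is a static check that runs before the integration tests. The following is an added example, not code from this project: the function names, the sample SQL, and the matrix layout (a markdown table whose first column is the table name) are all assumptions.

```typescript
// Added example (hypothetical helper, not the project's code): reports tables that
// migrations create but that lack RLS or a row in the audit matrix.
type Gaps = { rlsNotEnabled: string[]; missingFromMatrix: string[]; staleInMatrix: string[] };

// Strip quotes and an optional "public." prefix so names compare equal.
function norm(name: string): string {
  return name.replace(/["`]/g, "").replace(/^public\./i, "").toLowerCase();
}

// Collect capture group 1 of every match, normalized and de-duplicated.
function collect(re: RegExp, text: string): string[] {
  const out: string[] = [];
  let m: RegExpExecArray | null;
  while ((m = re.exec(text)) !== null) {
    const n = norm(m[1]);
    if (out.indexOf(n) === -1) out.push(n);
  }
  return out;
}

function findCoverageGaps(migrationSql: string, matrixMd: string): Gaps {
  const created = collect(/create\s+table\s+(?:if\s+not\s+exists\s+)?([\w."]+)/gi, migrationSql);
  const rls = collect(/alter\s+table\s+(?:if\s+exists\s+)?(?:only\s+)?([\w."]+)\s+enable\s+row\s+level\s+security/gi, migrationSql);
  // Assumed matrix layout: a markdown table whose first column is the table name.
  const listed = collect(/^\|\s*`?([\w.]+)`?\s*\|/gm, matrixMd).filter(n => n !== "table");
  const minus = (a: string[], b: string[]) => a.filter(x => b.indexOf(x) === -1);
  return {
    rlsNotEnabled: minus(created, rls),        // created, but RLS never enabled
    missingFromMatrix: minus(created, listed), // created, but no matrix row
    staleInMatrix: minus(listed, created),     // matrix row with no matching table
  };
}

// Constructed sample inputs (not taken from the project's migrations or docs).
const SAMPLE_SQL = `
create table public.profiles (id uuid primary key, user_id uuid);
alter table public.profiles enable row level security;
create table if not exists "public"."invoices" (id uuid primary key, user_id uuid);
alter table "public"."invoices" enable row level security;
create table public.audit_log (id bigint primary key, actor uuid);
`;
const SAMPLE_MATRIX = `
| Table | Anonymous denied | Per-user isolation |
|-------|------------------|--------------------|
| profiles | yes | yes |
| \`legacy_notes\` | yes | yes |
`;

console.log(findCoverageGaps(SAMPLE_SQL, SAMPLE_MATRIX));
```

This only shows that RLS is switched on and that the matrix lists each table; whether the policies actually deny anonymous access and isolate users is still established by the integration tests.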