-
Hi Supabase community, I need your help to wrap my head around an RLS statement. I have a
My question is: how to restrict a user with I played around with something like this: team_id in (select team_id from members where auth.uid() = user_id) But it just results in an error saying Any help is appreciated 🙏 |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
Have you checked out discussion #811? This seems very similar to what you're facing |
Beta Was this translation helpful? Give feedback.
-
The issue is that the naive solution causes the following error: team_id in (select team_id from members where auth.uid() = user_id) Now, it seems that using a security definer function works around this issue - for a reason I don't fully understand (it seems that function bypass RLS, hence no recursion). To stick with the example from above, you can solve the problem like this: CREATE OR REPLACE FUNCTION get_teams_for_user(user_id BIGINT)
RETURNS SETOF BIGINT
LANGUAGE sql
STABLE
SECURITY DEFINER
SET search_path = public
AS $$
SELECT team_id from members where user_id = $1
$$; All it does is to outsource the CREATE POLICY "Select all memberships of all teams user is part of" ON public.members
FOR SELECT USING (
team_id IN (SELECT get_teams_for_user(uid()))
); Thanks to @praj18 for pointing me in the right direction. |
Beta Was this translation helpful? Give feedback.
The issue is that the naive solution causes the following error:
infinite recursion detected in policy for relation
Now, it seems that using a security definer function works around this issue - for a reason I don't fully understand (it seems that function bypass RLS, hence no recursion). To stick with the example from above, you can solve the problem like this:
All it does is to outsource the
select
statement from the st…