storage.from.list returning incorrect & incomplete data

[Garett-MacGowan]

Bug report

• I confirm this is a bug with Supabase, not with my own application.
• I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

I am working with supabase storage and have configured RLS policies to read from my bucket. I am trying to read a file where my bucket path is /id_1/id_2/filename.png I have an RLS policy set up with an OR condition which checks that the user has permissions over id_1 or id_2 to get access to the file.

I have confirmed that the RLS policy is correct using the SQL editor impersonation tool. When I do a select statement for the user, the rows are returned as expected. The below works when impersonating the user with the required permissions.

SELECT *
FROM "storage"."objects"

The issue is that the following doesn't return the expected rows:

        const {data, error} = await supabase
          .storage
          .from('item_images')
          .list(id_1)

Instead of returning the full spectrum of data, it returns something like:

{"created_at": null, "id": null, "last_accessed_at": null, "metadata": null, "name": "XXXXXXXX-XXXX-XXX", "updated_at": null}

I've redatected the name here, but I inspected it, and it is incorrectly assigning the name field with the owner ID instead of the file name, not to mention all of the other fields are null for some reason.

Here's my auth policy, roughly:

create policy "Users can select from group and self"
on "storage"."objects"
as permissive
for select
to authenticated
using (((((storage.foldername(name))[2])::uuid = auth.uid()) OR is_member_of_group(((storage.foldername(name))[1])::uuid)));

Expected behavior

I expect that listing the objects returns the correct data.

System information

• OS: Windows
• Version of supabase-js: [2.43.1]
• Expo (React Native): 50.0.18

[RohitBagade]

hi @Garett-MacGowan, I would Like to work on this. how should I Reproduce this??