Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

storage.from.list returning incorrect & incomplete data #1141

Open
2 tasks done
Garett-MacGowan opened this issue May 22, 2024 · 1 comment
Open
2 tasks done

storage.from.list returning incorrect & incomplete data #1141

Garett-MacGowan opened this issue May 22, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@Garett-MacGowan
Copy link

Bug report

  • I confirm this is a bug with Supabase, not with my own application.
  • I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

I am working with supabase storage and have configured RLS policies to read from my bucket. I am trying to read a file where my bucket path is /id_1/id_2/filename.png I have an RLS policy set up with an OR condition which checks that the user has permissions over id_1 or id_2 to get access to the file.

I have confirmed that the RLS policy is correct using the SQL editor impersonation tool. When I do a select statement for the user, the rows are returned as expected. The below works when impersonating the user with the required permissions.

SELECT *
FROM "storage"."objects"

The issue is that the following doesn't return the expected rows:

        const {data, error} = await supabase
          .storage
          .from('item_images')
          .list(id_1)

Instead of returning the full spectrum of data, it returns something like:

{"created_at": null, "id": null, "last_accessed_at": null, "metadata": null, "name": "XXXXXXXX-XXXX-XXX", "updated_at": null}

I've redatected the name here, but I inspected it, and it is incorrectly assigning the name field with the owner ID instead of the file name, not to mention all of the other fields are null for some reason.

Here's my auth policy, roughly:

create policy "Users can select from group and self"
on "storage"."objects"
as permissive
for select
to authenticated
using (((((storage.foldername(name))[2])::uuid = auth.uid()) OR is_member_of_group(((storage.foldername(name))[1])::uuid)));

Expected behavior

I expect that listing the objects returns the correct data.

System information

  • OS: Windows
  • Version of supabase-js: [2.43.1]
  • Expo (React Native): 50.0.18
@Garett-MacGowan Garett-MacGowan added the bug Something isn't working label May 22, 2024
@RohitBagade
Copy link

hi @Garett-MacGowan, I would Like to work on this. how should I Reproduce this??

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants