Allow selecting by ID but not listing rows

[ianobermiller]

I have an app that lets you create a calendar. I want you to be able to mark a calendar as publicly visible so anyone can view, but not edit it, with the link.

I can do this easily with row-level security. However, once I do so, it is trivial for users to also query ALL publicly visible calendars. Is there any way to require a query to specific an ID with row-level security?