RLS keeps getting violated, while I think I followed the docs
jurb opened this issue · 1 comments
Bug report
Describe the bug
I can't get the get_my_claim
function to work properly with RLS. I keep getting a new row violates row-level security policy for table "cases2"
error on update, insert or delete. I think I pretty closely followed the 'userrole = "manager"' example from the docs.
To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
- I created a 'yutpa_role' claim, and correctly see that the right user has 'facilitator' as a value for that claim in supabase, and in the browser
- I created RLS policies for select, insert, update and delete that all have
(get_my_claim('yutpa_role'::text) = '"facilitator"'::jsonb)
in them. - For selecting this seems to work: it only shows the rows to the users with that role.
- For the other function like update or delete, I get
new row violates row-level security policy for table "cases2"
I can't figure out for the life of me why this doesn't work :)
Of course, I figured out what I did wrong right after posting this issue :) Apologies!
I am writing my app in Sveltekit, and accidentally loaded in the supabase client clientside via +page.svelte
, while I should have passed the client serverside from page.server.ts
, because that's also the place where the session of the user is handled.