get_claim functionality does work in SQL interface not in client-side RPC.

Question

get_claim functionality does work in SQL interface not in client-side RPC.

philmas opened this issue a year ago · 1 comments

Bug report

Describe the bug

I am using the get_claim functionality inside a function (security definer) as a way to filter and allow/disallow return values from a table. However, it seems that the JSONB object or something else is messing up and not working.

To Reproduce

Either I obtain no error but no values or I obtain the following error : { code: '22023', details: null, hint: null, message: 'cannot extract elements from an object' }

Code

On client side I am using something like:

const { data, error: queryError } = await supabase.rpc("get_filtered_aggregated_info", {
		user_id: session.user.id
	});

In postgresql, the function is:

CREATE OR REPLACE FUNCTION get_filtered_aggregated_info(
    user_id uuid,
   -- more fields
)
RETURNS SETOF private.table
SECURITY DEFINER 
AS $$
DECLARE
    query TEXT;
    user_bes TEXT[];
BEGIN
    user_bes := ARRAY(
        SELECT jsonb_array_elements_text(get_claim(user_id, 'be'))
    );
    query := 'SELECT * FROM private.table WHERE be = ANY($1)';

     -- more stuff

    RETURN QUERY EXECUTE query USING user_bes; -- more stuff
END;
$$ LANGUAGE plpgsql;

However select * from get_filtered_aggregated_info('some_id'); works perfectly fine. Can you help me out. I figured out that the issue lies in

user_bes := ARRAY(
        SELECT jsonb_array_elements_text(get_claim(user_id, 'be'))
    );

so something is going wrong with casting? or is it a permission issue?

Answer 1 · 2023-12-17T20:17:25.000Z

Solution has been found. I was committing several dumb overlooks and did not specify search_path.