issue with setting up RLS with text field and get_my_claim

Question

issue with setting up RLS with text field and get_my_claim

AvidDabbler opened this issue 2 years ago · 1 comments

One issue that i am seeing is that when i go to create an RLS is that the policy is rejected. I have 2 users where I have successfully setup a string in the claims object and it returns correctly as a jsonb type. The field that I am trying to compare it to is a text field and when I setup the RLS statement I am getting type issues on validation. when I tried to do some type tweeks it breaks my front end.

simple docs recommendation

get_my_claim('agency') = agency_s3_id

This is what i originally put and it is giving me a jsonb = text. Which makes sense since get_my_claim returns jsonb and agency_s3_id is a text field, but when I update to the full recommended example it still does not work.

type tweeks

((get_my_claim('agency'::text)) = agency_s3_id::jsonb)

Full script

BEGIN;
  ALTER POLICY "Enable select for users based on agency claim" ON "public"."agencies" USING (((get_my_claim('agency'::text)) = agency_s3_id::jsonb));
  ALTER POLICY "Enable select for users based on agency claim" ON "public"."agencies" RENAME TO "Enable select for users based on agency claim";
COMMIT;

breaks front end

The above passes, but when i load the page i get back invalid input syntax for type json with the value for the field agency_s3_id when passing in stlouis

Answer 1 · 2022-11-08T16:58:36.000Z

Type conversion in Postgres can be tricky. Try converting the result of get_my_claim to text with ::text and then compare it to a text version of agency_s3_id. Or you can modify the get_my_claim function to return text instead of jsonb.