0

There is this table "customer" and it has "is_deleted" column. I did to use it for soft deletetion.

And I set policy like below so that I don't have to add is_deleted = false condition everytime I select or join customer table.


  CREATE POLICY "can view customer" ON "public"."customer" USING (((is_deleted = false) AND (EXISTS ( SELECT 1 FROM admin_user WHERE (admin_user.uid = uid())))));

But PATCH request which updates "is_deleted" column doesn't work with this policy.

export const softDeleteCustomer = async(id: number) => {
    await supabaseClient.from('customer').update({
      is_deleted: true
    }).eq('id', id);
}

I get an error saying It's violating row-level security.

{
  "code":"42501",
  "details":null,
  "hint":null,
  "message":"new row violates row-level security policy for table \"customer\""
}

So I just removed is_deleted part in policy and it's working. But I don't get it.

What is the problem of it?

What I'm trying to is not to select table but to update table. Why SELECT policy above is preventing updating is_delete column?

Improve this question

1 Answer 1

Reset to default
0

Why SELECT policy above is preventing updating is_delete column?

Your policy is not only affecting SELECT but all commands. You'd need to add FOR SELECT to be scoped for SELECT:

CREATE POLICY "can view customer" ON "public"."customer" FOR SELECT --..

https://www.postgresql.org/docs/current/sql-createpolicy.html#SQL-CREATEPOLICY-SUMMARY

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.