Closed steve-chavez closed 4 months ago
Wait, this is not useful in real code, right? This can only be a debugging hint in a case "I don't see any rows", correct?
Yes, it's only a debugging hint. I'm not sure what's the right way, I also thought of a special response header like:
GET /projects
X-Pgrst-Affected-By-RLS: true
[]
Which could be added automatically by us by checking if the table has RLS and if the impersonated role would be affected.
While I can understand that we want to help our users.. I don't think we need to solve all of the problems for them. When they are advanced enough to enable and use RLS - then they should be able to debug this without PostgREST.
Problem
RLS filters rows silently, this trips a lots of newcomers when trying PostgREST on a table with RLS enabled. See https://github.com/PostgREST/postgrest/discussions/3189
Solution
Recommend using row_security, this will give a clear error when enabled.
Perhaps we should add a
Prefer: row-security
so users can activate it per request?