Almost every backend route that has something to do with a list has to first make a call to the DB to check if the currently logged in user is the owner or a collaborator in the list they're trying to make a change in or view. This results in at least 2 round trips per call, one to check permissions and one to actually get the data or make the change. This is wasteful. Using Supabase RLS we can let the database handle this automatically. This would result in less calls, less latency, and more SCALE to the MOON 🚀.
However, it does appear difficult to do this right now using Drizzle or Prisma, since that connects to the database directly using the database password, and assumes the role of the admin (I think). Maybe in the future once I finally get to implementing this thing they'll have made a change to allow this to be easier. We'll see.
linear[bot]
commented
6 months ago
Almost every backend route that has something to do with a list has to first make a call to the DB to check if the currently logged in user is the owner or a collaborator in the list they're trying to make a change in or view. This results in at least 2 round trips per call, one to check permissions and one to actually get the data or make the change. This is wasteful. Using Supabase RLS we can let the database handle this automatically. This would result in less calls, less latency, and more SCALE to the MOON 🚀.
However, it does appear difficult to do this right now using Drizzle or Prisma, since that connects to the database directly using the database password, and assumes the role of the admin (I think). Maybe in the future once I finally get to implementing this thing they'll have made a change to allow this to be easier. We'll see.