I came across one issue when trying to perform an INSERT on a table where the user only has INSERT priviledges enabled in RLS and not SELECT permission. The use case is for example an application where a user can provide anonymous feedback that gets added to the database, but is not allowed to view any submitted feedback.
Currently the library defaults to return type representation as it is hardcoded in the database class:
To fix the issue about RLS blocking the INSERT due to the added SELECT query it needs to be changed to return=minimal if required which is currently not supported. My suggestion would be to default to return type representation in executeDml function but add the option to overwrite this by insert function if set by the user.
Hello,
I came across one issue when trying to perform an INSERT on a table where the user only has INSERT priviledges enabled in RLS and not SELECT permission. The use case is for example an application where a user can provide anonymous feedback that gets added to the database, but is not allowed to view any submitted feedback.
Currently the library defaults to return type representation as it is hardcoded in the database class:
https://github.com/rafaelwendel/phpsupabase/blob/7bfad1cc73bacbf22746973628503ff2725f541e/src/Database.php#L103
To fix the issue about RLS blocking the INSERT due to the added SELECT query it needs to be changed to return=minimal if required which is currently not supported. My suggestion would be to default to return type representation in executeDml function but add the option to overwrite this by insert function if set by the user.
This issue was also once present in Supabase JS library, the discussion can be found here for reference: https://github.com/orgs/supabase/discussions/4107