seanmturley / common-ground

0 stars 0 forks source link

Add RLS policies to Supabase tables #47

Open seanmturley opened 3 days ago

seanmturley commented 3 days ago

Description

None of the public Supabase tables have any RLS policies defined, which means that most or all actions on the tables are disabled. For example, without at least one appropriate RLS policy for matchmaking_queue it is not possible to INSERT a player, as required for #39.

Tasks

[ ] Allow players to join the matchmaking_queue

seanmturley commented 2 days ago

The SQL snippet has been used to add a policy that allows authenticated users to INSERT themselves into the matchmaking_queue:

-- Creates an RLS policy
create policy "Players can join the matchmaking_queue"
on public.matchmaking_queue for insert
to authenticated
with check ( (select auth.uid()) = player_id );

This has turned out more complex than expected, as additional work is required to pass authentication information to the database. Issue #48 has been raised to implement this.