adds a lint to check if there are any policies that allow access to anonymous users
What is the current behavior?
currently, if a user enables anonymous sign-ins for their project, they need to manually check existing RLS policies to see if any of them are compromised.
What is the new behavior?
this lint will highlight any policies that:
are associated to the authenticated, public, or any other role members
policies that don't contain the auth.jwt()->>'is_anonymous' expression in the policy definition
blocked on deciding how we can run lints conditionally on the platform - currently, there's no way to conditionally execute a lint from the splinter.sql file
What kind of change does this PR introduce?
What is the current behavior?
What is the new behavior?
authenticated
,public
, or any other role membersauth.jwt()->>'is_anonymous'
expression in the policy definitionAdditional context
Add any other context or screenshots.