|
|
|
|
|
|
by ruslan_talpa
3300 days ago
|
|
|
That is not actually correct. PostgREST does not "uses the postgres permissions system to decide what tables & views to expose". PostgREST exposes everything within a particular schema and then every call gets translaed into a query and executed.
It's the database (PostgreSQL) that is deciding if the query will be executed or it will raise a permissions error.
PostgREST just kind of says "hey db, this is the current user. Now run this query for him" From a high level, postgrest is just a pure function that translates a rest call to a sql query and executes it with the privileges of the user that is making the request.
The database does all the heavylifting |
|
|