by steve-chavez
1495 days ago
That can be solved with RLS. The JWT usually contains the application user id (Customer) and assuming Document has an ownerId column, the SELECT policy for Document would contain the `ownerId = auth.uid()`[1] condition — this would ensure customers can't access documents that they don't own.

This looks more fit to be discussed in https://github.com/supabase/supabase/discussions. I'd recommend opening a discussion there.

[1]: `auth.uid()` is just a wrapper over the `current_setting('request.jwt.claims', true)` mentioned in https://postgrest.org/en/stable/api.html#accessing-request-h...
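The policy described in the comment above, written out as an added example that is not part of the original comment or Supabase's own code. It assumes plain PostgreSQL run as a superuser; the `document` table, the `authenticated` role, the UUIDs, and the simplified `auth.uid()` stand-in (reading the `sub` claim) are constructed for illustration.

```sql
-- Added example: table, role, UUIDs and this auth.uid() are constructed stand-ins.
CREATE SCHEMA IF NOT EXISTS auth;

-- Simplified stand-in for auth.uid(): reads the "sub" claim from the
-- request.jwt.claims setting (assumed here to carry the application user id).
-- A missing or empty setting yields NULL, so the policy below fails closed.
CREATE FUNCTION auth.uid() RETURNS uuid
LANGUAGE sql STABLE AS $$
  SELECT (nullif(current_setting('request.jwt.claims', true), '')::jsonb ->> 'sub')::uuid
$$;

CREATE TABLE document (
  id        bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
  "ownerId" uuid NOT NULL,
  title     text NOT NULL
);

-- Without this, the policy is never consulted. The table owner and superusers
-- still bypass RLS unless FORCE ROW LEVEL SECURITY is also set.
ALTER TABLE document ENABLE ROW LEVEL SECURITY;

CREATE POLICY document_select_own ON document
  FOR SELECT
  USING ("ownerId" = auth.uid());

-- Unprivileged role that API requests are assumed to run as.
CREATE ROLE authenticated NOLOGIN;
GRANT USAGE ON SCHEMA auth TO authenticated;
GRANT SELECT ON document TO authenticated;

-- Seed data, inserted as the owner (bypasses RLS).
INSERT INTO document ("ownerId", title) VALUES
  ('11111111-1111-1111-1111-111111111111', 'customer A invoice'),
  ('22222222-2222-2222-2222-222222222222', 'customer B invoice');

-- Simulate two requests: one with customer A's claims, one with no claims.
BEGIN;
SET LOCAL ROLE authenticated;
SELECT set_config('request.jwt.claims',
                  '{"sub":"11111111-1111-1111-1111-111111111111"}', true);
SELECT id, title FROM document;

SELECT set_config('request.jwt.claims', '', true);
SELECT id, title FROM document;
ROLLBACK;
```

The first `SELECT` returns only customer A's row; with no claims set, `auth.uid()` is NULL, the policy condition is not true for any row, and the second `SELECT` returns nothing.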