Role-based authentication in Supabase
I am trying to make a policy in Supabase where a user with the admin role can only get the list of employees whose role is "agent".
There is a "users" table and I am trying to add the following policy:
"(auth.email() in (select users.email from users where users.role = 'admin')) and (role = 'agent')
The users table has the following columns:
firstname | lastname | role | email | password
However, I am getting an "infinite recursion on users table" message.
How can I create a role based policy here?
Thanks in advance!
Comments (1)
This is a known issue when doing a query on a table that the RLS will be set on because the policy lookup is subject to the policy too. You will need to move the query into a security definer function and call the function in the policy instead to avoid infinite recursion.
Then in your policy add
I am a little confused by the policy you are trying to apply as you are checking if the users.role is admin but at the same time you are checking if the role is agent too, does this mean a user can be assigned multiple roles?
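
Added example (not from the original answer, whose code snippets did not survive on this page): one way to write the security definer function and policy the answer describes. The names is_admin and "admins can read agents" are hypothetical, the table and columns are taken from the question, and the function is assumed to be owned by the owner of public.users so that RLS is not applied inside it.

```sql
-- Added example. is_admin() and the policy name are hypothetical names;
-- public.users(email, role) comes from the question.
-- Assumption: the function owner also owns public.users (and the table does
-- not use FORCE ROW LEVEL SECURITY), so the lookup inside it skips RLS.
create or replace function public.is_admin()
returns boolean
language sql
stable
security definer
set search_path = ''   -- pin name resolution; every object below is schema-qualified
as $$
  select exists (
    select 1
    from public.users u
    where u.email = auth.email()
      and u.role = 'admin'
  );
$$;

-- Only signed-in users need to call the helper.
revoke execute on function public.is_admin() from public, anon;
grant execute on function public.is_admin() to authenticated;

alter table public.users enable row level security;

-- The policy calls the function instead of querying public.users itself,
-- so evaluating it no longer re-enters the policy.
create policy "admins can read agents"
on public.users
for select
to authenticated
using (public.is_admin() and role = 'agent');

-- Check from the SQL editor with a constructed identity (rolled back afterwards).
begin;
  set local role authenticated;
  select set_config('request.jwt.claims', '{"email":"admin@example.test"}', true);
  select email, role from public.users;
rollback;
```

With this as the only select policy on the table, a caller whose email belongs to an admin row sees only rows with role = 'agent', and every other caller sees no rows.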