Supabase
RLS Policy not working for realtime table subscription #32574
-
|
Hello, I have a table const gameIds = [40];
const channel = supabase
.channel('realtime-game-rounds')
.on('postgres_changes',
{
event: '*',
schema: 'public',
table: 'realtime_rounds',
filter: `game_id=in.(${gameIds.join(',')})`,
},
(payload) => {
console.log('Real-time update:', payload);
}
)
.subscribe();Whenever an update or new entry happens, the realtime update should be called. If I disable RLS it works, but as you can imagine I don't want to disable that. I use a policy on the SELECT to check if the current user auth.uid() is part of the Example: SELECT 1
FROM game_participants gp
WHERE ((gp.user_id = 'myUserId'::uuid) AND (gp.game_id = 40))If I execute this SQL in the editor, it works and I get a result. My RLS policy is using the same check: create policy "Only game participants can read rounds"
on "public"."realtime_rounds"
as PERMISSIVE
for SELECT
to authenticated
using (
exists (
select 1
from public.game_participants
where game_participants.user_id = auth.uid()
and game_participants.game_id = realtime_rounds.game_id
)
);But that DOES NOT work. Even if I hardcode the values in the using() statement, the update on the clients doesn't happen: create policy "Only game participants can read rounds"
on "public"."realtime_rounds"
as PERMISSIVE
for SELECT
to authenticated
using (
exists (
select 1
from public.game_participants
where game_participants.user_id = "myUserId"
and game_participants.game_id = 40
)
);
What am I missing? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
You also have to meet select policy on game_participants if RLS is enabled on it. |
Beta Was this translation helpful? Give feedback.
You also have to meet select policy on game_participants if RLS is enabled on it.