[pull] master from supabase:master#903
Merged
Merged
Conversation
…45683) Swap the project-creation revoke from custom `db_sql` over to the new `data_api_revoke_default_privileges` API field. Same behaviour, just delegated to the platform so non-studio flows (branches, CLI, terraform) can apply the same revoke logic — addresses [FE-3145](https://linear.app/supabase/issue/FE-3145/swap-frontend-to-use-revoke-default-privileges-flag). Backend support landed in supabase/platform#32158 and supabase/platform#32493 (FUP that decoupled the flag from `data_api_use_api_schema`). **Changed:** - `apps/studio/data/projects/project-create-mutation.ts` — accepts `dataApiRevokeDefaultPrivileges` and forwards it as `data_api_revoke_default_privileges` - `apps/studio/pages/new/[slug].tsx` — drops the inline `buildDefaultPrivilegesSql('revoke')` injection in `dbSql`, passes the flag instead - `apps/studio/pages/integrations/vercel/[slug]/deploy-button/new-project.tsx` — same swap on the Vercel deploy-button flow - `packages/api-types/types/platform.d.ts` — adds the new field to `CreateProjectBody` **Preserved:** - The `dataApiRevokeOnCreateDefault` PostHog flag still gates the default checkbox state and telemetry — only the SQL application changes - `data_api_use_api_schema: false` stays as-is — projects keep `public` + `graphql_public` exposed, no project-shape change ## To test - Project creation form (`/new/<org>`): - With PostHog flag off: "Automatically expose new tables" defaults to checked → request body has `data_api_revoke_default_privileges: false` - Manually uncheck the box → request body has `data_api_revoke_default_privileges: true`, project ends up with revoked default grants on `public` - With "Enable Data API" off → `data_api_revoke_default_privileges: false` (no point revoking when nothing's exposed) - Vercel deploy-button flow (`/integrations/vercel/<slug>/deploy-button`): - Same checkbox behaviour as above - Migration SQL from the GitHub repo still runs as `db_sql` separately <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added support for a dedicated `dataApiRevokeDefaultPrivileges` option during project creation. * **Refactor** * Simplified Data API privilege configuration by using a dedicated parameter instead of SQL-based management across project creation flows. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
## Context Missed another case here - RLS tester when retrieving policies associated with query needs to consider policies with the `ALL` operation <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Tests** * Added comprehensive tests for Row-Level Security policy filtering, covering schema/table matching, role handling (including public/service-role cases), command/operation semantics, and combined filter behavior. * **Refactor** * Centralized and clarified RLS policy filtering logic used by the tester for improved maintainability and consistency. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Context Addresses some issues found with the RLS editor from recent changes - Creating a "SELECT" or "INSERT" policy via templates wasn't working (might have been [this PR](#45560)) that introduced the bug) - SELECT -> SQL error as we were incorrectly adding a with check statement in the query - INSERT -> UI issue, there's a bit of complexity as we're using 1 code editor for `using` and `check` statements - Badge color for "UPDATE" based templates is off <img width="446" height="114" alt="image" src="https://github.com/user-attachments/assets/66fd0c1a-c20c-406d-983e-2c02680bb235" /> - Renaming a policy, the initial alter query statement shouldn't be using the new name <img width="596" height="288" alt="image" src="https://github.com/user-attachments/assets/0b6822d5-e5f5-440e-8942-8e19bd7bf4c3" /> ## To test - [ ] Verify that you can create a policy for all templates in the Auth policies page + Realtime policies page (as long as no SQL error - some templates are using tables as examples that might not exist in the DB) - [ ] Likewise, verify that you can manually create + update policies as well <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Style** * Updated UPDATE template badge styling to a darker blue color scheme with reduced opacity. * **Bug Fixes** * Fixed policy name display logic to correctly show the selected policy's existing name during renaming operations. * Improved SQL fragment loading and check expression handling for INSERT command policy templates. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
## What kind of change does this PR introduce? Feature and design-system update. Resolves DEPR-551. This is a narrower redo of #45302 after the revert in #45535. ## What is the current behaviour? The reverted implementation made Admonition more flexible, but it also changed Studio callsites, touched shared Alert styling, renamed the design-system Tailwind config, and changed Docs-facing content/API assumptions in a way that broke production docs static generation. ## What is the new behaviour? Admonition now supports description-only content, children-only content, optional `title`, legacy `label`, and `type="success"` without touching `apps/docs/content/**` or shared Alert styling. `title` wins over `label` when both are provided. The runtime component props stay backwards-compatible for existing MDX and Studio usage, while `AdmonitionStrictProps` captures the stricter new-usage contract for tests and future callsites. The design-system docs and registry include description-only and success examples, and the Admonition tests cover the rendering paths that broke production previously. | After | | --- | | <img width="1668" height="1768" alt="CleanShot 2026-05-06 at 17 35 13@2x" src="https://github.com/user-attachments/assets/1c00ea7f-e3ca-45eb-8af9-3536b657c341" /> | ## Additional context These things that were in #45302 have been left out (unless checked): - [ ] Studio callsite rewrites from title/label to description - [ ] Shared Alert text-colour changes - [ ] Design-system Tailwind config rename - [ ] Design-system global CSS changes - [ ] Any docs content migration or label deprecation - [ ] Any production docs workaround <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added success admonition variant with dedicated styling and icon. * Introduced description-only admonition example. * **Documentation** * Expanded admonition guidance on title vs description usage and best practices. * Added example sections showcasing description-only and success variants. * **Tests** * Added comprehensive tests covering admonition variants and rendering/precedence behavior. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )