fix: enable RLS for buckets table

inian · inian · commit 09246093cf84 · 2021-03-25T15:34:44.000+05:30
diff --git a/migrations/0006-add-rls-to-buckets.sql b/migrations/0006-add-rls-to-buckets.sql
@@ -0,0 +1 @@
+ALTER TABLE storage.buckets ENABLE ROW LEVEL SECURITY;
diff --git a/src/test/db/02-storage-schema.sql b/src/test/db/02-storage-schema.sql
@@ -35,7 +35,6 @@ CREATE UNIQUE INDEX "bucketid_objname" ON "storage"."objects" USING BTREE ("buck
 CREATE INDEX name_prefix_search ON storage.objects(name text_pattern_ops);
 
 ALTER TABLE storage.objects ENABLE ROW LEVEL SECURITY;
--- @todo enable RLS only for buckets table
 
 CREATE OR REPLACE FUNCTION storage.foldername(name text)
  RETURNS text[]
diff --git a/src/test/db/03-dummy-data.sql b/src/test/db/03-dummy-data.sql
@@ -36,6 +36,8 @@ INSERT INTO "storage"."objects" ("id", "bucket_id", "name", "owner", "created_at
 ('D3EB488E-94F4-46CD-86D3-242C13B95BAC', 'bucket3', 'sadcat-upload2.png', '317eadce-631a-4429-a0bb-f19a7a517b4a', '2021-03-01 08:53:29.567975+00', '2021-03-01 08:53:29.567975+00', '2021-03-01 08:53:29.567975+00', '{"mimetype": "image/svg+xml", "size": 1234}');
 
 -- add policies
+-- allows user to CRUD all buckets
+CREATE POLICY crud_buckets ON storage.buckets for all USING (auth.uid() = '317eadce-631a-4429-a0bb-f19a7a517b4a');
 -- allow public CRUD acccess to the public folder in bucket2
 CREATE POLICY crud_public_folder ON storage.objects for all USING (bucket_id='bucket2' and (storage.foldername(name))[1] = 'public');
 -- allow public CRUD acccess to a particular file in bucket2

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+ALTER TABLE storage.buckets ENABLE ROW LEVEL SECURITY;`