You're reading from Building Production-Grade Web Applications with Supabase A comprehensive guide to database design, security, real-time data, storage, multi-tenancy, and more

Product type Paperback

Published in Aug 2024

Publisher Packt

ISBN-13 9781837630684

Length 534 pages

Edition 1st Edition

Languages

Typescript

Tools

Next.js

Concepts

Application Development

Author (1):

David Lorenz

View More author details

Table of Contents (20) Chapters

Preface

1. Part 1:Creating the Foundations of the Ticket System App

2. Chapter 1: Unveiling the Inner Workings of Supabase and Introducing the Book’s Project FREE CHAPTER

3. Chapter 2: Setting Up Supabase with Next.js

4. Chapter 3: Creating the Ticket Management Pages, Layout, and Components

5. Part 2: Adding Multi-Tenancy and Learning RLS

6. Chapter 4: Adding Authentication and Application Protection

7. Chapter 5: Crafting Multi-Tenancy through Database and App Design

8. Chapter 6: Enforcing Tenant Permissions with RLS and Handling Tenant Domains

9. Chapter 7: Adding Tenant-Based Signups, including Google Login

10. Part 3: Managing Tickets and Interactions

11. Chapter 8: Implementing Dynamic Ticket Management

12. Chapter 9: Creating a User List with RPCs and Setting Ticket Assignees

13. Chapter 10: Enhancing Interactivity with Realtime Comments

14. Chapter 11: Adding, Securing, and Serving File Uploads with Supabase Storage

15. Part 4: Diving Deeper into Security and Advanced Features

16. Chapter 12: Avoiding Unwanted Data Manipulation and Undisclosed Exposures

17. Chapter 13: Adding Supabase Superpowers and Reviewing Production Hardening Tips

18. Index

Why subscribe?

19. Other Books You May Enjoy

Adding and optimizing RLS policies

As I said, we won’t be implementing editing comments in this book, but I’ll still create a policy for it so I can test updates with active policies directly in the database (with the impersonation feature you already know from Chapter 6). UI-wise, I want to be able to fetch and insert comments within a tenant to which I have access. Policy-wise, I want the updating and deletion of comments to only be allowed for its creators (created_by).

If we were to implement the DELETE or UPDATE policy for the author of a comment, it would look like this (however, don’t add this yet):

EXISTS (SELECT FROM service_users s WHERE s.id = created_by AND s.supabase_user = auth.uid())

You’ve already seen a similar statement for the deletion policy of the ticket.

For inserting and fetching comments, again, we would have to use the well-known expression that we’ve used in other policies (don’t add this one yet either...