-- ============================================================================
-- CRITICAL FIX: Resolve RLS Infinite Recursion Issue
-- ============================================================================
-- Replaces the "Admins can manage all users" policy on public.users with one
-- that reads the caller's role from the JWT instead of from a table lookup.
-- The body of the previous policy is not shown in this file.
--
-- NOTE(review): the DROP and CREATE below are not wrapped in an explicit
-- transaction here. If they run as separate statements, the policy is absent
-- in between; confirm how the migration runner executes this script.
--
-- Drop the problematic recursive policy
DROP POLICY IF EXISTS "Admins can manage all users" ON public.users;
-- Create a simpler admin policy that doesn't cause recursion
-- We'll use the auth.jwt() function to get role directly from JWT token metadata
--
-- NOTE(review): assuming Supabase Auth, app_metadata is written server-side and
-- is not editable by the end user (unlike user_metadata), so it is the right
-- place for an authorization claim. The value comes from the token, so a role
-- change or revocation takes effect only once the user's token is refreshed
-- or expires.
--
-- NOTE(review): despite the policy name, the "id = auth.uid()" branch applies to
-- every authenticated user, and FOR ALL covers SELECT, INSERT, UPDATE and DELETE.
-- RLS does not restrict columns, so if public.users holds privilege-bearing
-- columns (not visible here), a user can change them on their own row and can
-- also delete that row. Consider a separate, narrower self-access policy
-- (e.g. SELECT only) and keep this one admin-only.
CREATE POLICY "Admins can manage all users" ON public.users
FOR ALL
TO authenticated
USING (
-- Allow if the user is accessing their own record OR if they're an admin
-- If the role claim is missing, the comparison is NULL and this branch grants
-- nothing (fails closed). The scalar sub-select presumably lets the planner
-- evaluate the JWT lookup once per statement rather than per row.
id = auth.uid() OR
(SELECT auth.jwt() -> 'app_metadata' ->> 'role') = 'admin'
)
WITH CHECK (
-- Same check for write operations: the new row must still belong to the caller
-- unless the caller is an admin. This constrains only the row's id, not the
-- values written to its other columns.
id = auth.uid() OR
(SELECT auth.jwt() -> 'app_metadata' ->> 'role') = 'admin'
);
-- Clean up complete - the JWT-based policy above should resolve the recursion issue
-- NOTE(review): policies are permissive by default and are OR-ed with any other
-- permissive policy on public.users; review the remaining policies on the table
-- before treating this one as the only gate.