realtime
realtime copied to clipboard
supabase
fix: Reimplement Authz with newer simpler policies
What kind of change does this PR introduce?
New Authorization checking made with simpler RLS rules. We'll now check a single table called messages and for a specific set of elements for each row.
At the moment we are prefilling the table with some information on lib/realtime/tenants/authorization.ex and that is then used to check read policies and after that we try to insert new values onto the tables to check write policies.
All the changes made during this checks is reverted upon ending the transaction ensuring we don't leave extra clutter.
The latest updates on your projects. Learn more about Vercel for Git ↗︎
1 Ignored Deployment
| Name | Status | Preview | Comments | Updated (UTC) |
|---|---|---|---|---|
| realtime-demo | ⬜️ Ignored (Inspect) | Visit Preview | May 27, 2024 3:33pm |
![vercel[bot] avatar](https://avatars.githubusercontent.com/in/8329?v=4 "Published by a pub.dev verified publisher"){kind=small}
@abc3 not yet, will do the changes to the realtime-js next version to be able to test this. in theory we just add the "private" option in the channel startup
:tada: This PR is included in version 2.29.3 :tada:
The release is available on GitHub release
Your semantic-release bot :package::rocket:
