root-org/supabase/migrations/055_fix_org_members_recursion.sql
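-- ============================================================
-- Migration 055: Fix infinite recursion in org_members policies
--
-- Background: the previous policies queried public.org_members from
-- inside their own USING / WITH CHECK expressions. PostgreSQL applies
-- row-level security to that inner query too, which re-enters the same
-- policy and fails with SQLSTATE 42P17 ("infinite recursion detected
-- in policy for relation"). How auth.uid() is invoked has no bearing
-- on this (wrapping it in a sub-select is only a per-statement caching
-- optimisation, not a recursion fix); the self-reference is the cause,
-- and a policy that still contains `SELECT ... FROM public.org_members`
-- reproduces the error regardless.
--
-- Fix: move the membership / role lookups into SECURITY DEFINER helper
-- functions. They execute with the function owner's privileges, so RLS
-- is not applied to the lookup and the policies no longer re-enter
-- themselves. Each helper only answers a yes/no question about the
-- calling user (auth.uid()) or about whether an org has any member at
-- all, so granting EXECUTE to `authenticated` discloses nothing the
-- policy would not already decide on.
--
-- Security note on the old "Allow member inserts" policy: its
-- `OR org_members.user_id = auth.uid()` branch let ANY authenticated
-- user insert themselves into ANY org with ANY role (including
-- 'owner'). The self-insert is now limited to bootstrapping the first
-- member of an org that has no members yet. If the application relies
-- on users self-joining existing orgs (e.g. invite links), that flow
-- needs its own token-checked path (an invites table or a SECURITY
-- DEFINER RPC), not an open self-insert.
-- NOTE(review): confirm against the org-creation / join flow in the app.
-- ============================================================

-- ---- helper functions (bypass RLS on org_members) ----------------------
-- search_path is pinned to '' and every object is schema-qualified so a
-- caller cannot redirect the SECURITY DEFINER body via their search_path.
-- The parameter uses org_members.org_id%TYPE so this migration does not
-- hard-code (or guess) the column type.
-- NOTE(review): CREATE OR REPLACE assumes no function with these names
-- and a different signature already exists; if one does, the REVOKE /
-- GRANT statements below (which omit the argument list) become ambiguous.

-- Does the calling user have a row in org_members for p_org_id?
CREATE OR REPLACE FUNCTION public.is_org_member(p_org_id public.org_members.org_id%TYPE)
RETURNS boolean
LANGUAGE sql
SECURITY DEFINER
STABLE
SET search_path = ''
AS $$
  SELECT EXISTS (
    SELECT 1
    FROM public.org_members om
    WHERE om.org_id = p_org_id
      AND om.user_id = auth.uid()
  );
$$;

-- Does the calling user hold an 'owner' or 'admin' row for p_org_id?
CREATE OR REPLACE FUNCTION public.is_org_admin(p_org_id public.org_members.org_id%TYPE)
RETURNS boolean
LANGUAGE sql
SECURITY DEFINER
STABLE
SET search_path = ''
AS $$
  SELECT EXISTS (
    SELECT 1
    FROM public.org_members om
    WHERE om.org_id = p_org_id
      AND om.user_id = auth.uid()
      AND om.role IN ('owner', 'admin')
  );
$$;

-- Does p_org_id already have at least one member (any user)?
-- This MUST bypass RLS: evaluated under RLS, a non-member would see
-- zero rows for the org and the bootstrap branch of the INSERT policy
-- below would be trivially satisfied for every org.
CREATE OR REPLACE FUNCTION public.org_has_members(p_org_id public.org_members.org_id%TYPE)
RETURNS boolean
LANGUAGE sql
SECURITY DEFINER
STABLE
SET search_path = ''
AS $$
  SELECT EXISTS (
    SELECT 1
    FROM public.org_members om
    WHERE om.org_id = p_org_id
  );
$$;

-- The policies below evaluate as the `authenticated` role, so it must
-- be able to execute the helpers; nobody else needs to (service_role
-- bypasses RLS anyway).
REVOKE EXECUTE ON FUNCTION public.is_org_member   FROM PUBLIC;
REVOKE EXECUTE ON FUNCTION public.is_org_admin    FROM PUBLIC;
REVOKE EXECUTE ON FUNCTION public.org_has_members FROM PUBLIC;
GRANT  EXECUTE ON FUNCTION public.is_org_member   TO authenticated;
GRANT  EXECUTE ON FUNCTION public.is_org_admin    TO authenticated;
GRANT  EXECUTE ON FUNCTION public.org_has_members TO authenticated;

-- ---- SELECT: members of an org can see that org's member rows ----------
DROP POLICY IF EXISTS "Members can view org members" ON public.org_members;
CREATE POLICY "Members can view org members" ON public.org_members
  FOR SELECT TO authenticated
  USING (public.is_org_member(org_members.org_id));

-- ---- UPDATE: only owners/admins of the org, before and after the change -
-- NOTE(review): as in the previous version, this does not constrain WHICH
-- columns change; an 'admin' can still set their own role to 'owner' or
-- edit an owner's row. Tighten with a trigger or a role-specific policy
-- if that is not intended.
DROP POLICY IF EXISTS "Owners and admins can manage members" ON public.org_members;
CREATE POLICY "Owners and admins can manage members" ON public.org_members
  FOR UPDATE TO authenticated
  USING (public.is_org_admin(org_members.org_id))
  WITH CHECK (public.is_org_admin(org_members.org_id));

-- ---- DELETE: only owners/admins of the org -------------------------------
-- NOTE(review): nothing prevents deleting the last owner; unchanged from
-- the previous version.
DROP POLICY IF EXISTS "Owners and admins can delete members" ON public.org_members;
CREATE POLICY "Owners and admins can delete members" ON public.org_members
  FOR DELETE TO authenticated
  USING (public.is_org_admin(org_members.org_id));

-- ---- INSERT: owners/admins add members; first member bootstraps an org --
-- The self-insert branch is only valid while the org has no members, so
-- a user can seed a fresh org (typically as its 'owner') but can no
-- longer add themselves to someone else's org.
-- NOTE(review): two users racing to bootstrap the same empty org can both
-- succeed; if that matters, serialise org creation (e.g. an RPC that
-- creates the org and its first member in one statement).
DROP POLICY IF EXISTS "Allow member inserts" ON public.org_members;
CREATE POLICY "Allow member inserts" ON public.org_members
  FOR INSERT TO authenticated
  WITH CHECK (
    public.is_org_admin(org_members.org_id)
    OR (
      org_members.user_id = auth.uid()
      AND NOT public.org_has_members(org_members.org_id)
    )
  );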