Supabase
Replies: 2 comments 2 replies
-
|
i use client |
Beta Was this translation helpful? Give feedback.
-
|
Hey @eifo
You can use either - if you use it in the client, make sure that you enable Row Level Security and add Policies for data access. I would recommend enabling RLS anyway (if you don't add any policies, then only the service key will work). If you want a more "traditional" approach to data access then just use the API routes, and you can add whatever data access rules you prefer in your middleware
Correct you have to enable it on the dashboard, or you can run |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for your answer! I enabled RLS through pgadmin, but didn't know you have to go to the dashboard and lock it in, perhaps it will be better if it gets locked by default and not have to go to the dashboard and lock it. Moreover, RLS still worked without locking the table when fetching directly from client components but did not work for api route fetching, not sure if this is the right behavior. |
Beta Was this translation helpful? Give feedback.
-
You shouldn't have to go to the dashboard if it is enabled in pgadmin. Did you run a SQL command or is the a "switch" in pgadmin? Our dashboard just queries Postgres to see if the table has RLS, so you should be able to enable it from anywhere |
Beta Was this translation helpful? Give feedback.
-
What is the recommended approach using next js to write and fetch data with the supabase client & auth, I went over all the three repo examples but still is not clear. Should we be using the API routes (server) or fetch directly from client. Row level security was not working for me when calling through api routes, I had to go to the dashboard policy and click on the red lock in order to work (it was working on the client without that)?
Beta Was this translation helpful? Give feedback.
All reactions