- BREAKING: Remove user_roles view
- BREAKING: Remove delete_group_users function (and trigger on_delete_user)
- BREAKING: Remove update_group_users_email function (and trigger update_group_users_email)
- BREAKING: Modify update_user_roles function to remove the ability to update the user's email in metadata
- Add example view to replace user_roles
- Add example trigger functions to help keep user data synchronized into the group_users metadata
- Updated readme and added a section comparing it to the official supabase RBAC solution
- BREAKING: Remove "name" column from groups table
- BREAKING: user_roles view now properly adheres to RLS policies via security invoker (requires Postgres 15+)
- Add "metadata" column to groups table
- Add "metadata" column to group_users table
- Add trigger to keep metadata columns updated when a user record is updated
- Modify user_roles view to reference metadata columns instead of auth.users table
- Improve
update_user_rolesperformance by eliminating subqueries, updating only the affected roles, and adding the ability to update the record's metadata with the user's email - Reorganize example files
- Update readme links so they work on database.dev
- Add RLS policy examples to readme
- Remove references to "public" schema
- Fixed an issue where impersonating an anonymous user in the supabase studio would appear to grant access to data otherwise restricted by RLS. This issue did not affect real requests in production.
- BREAKING: Requires the "moddatetime" extension to be installed prior to installing this extension
- BREAKING: "created_at" column in groups table is now non-nullable
- Adds "updated_at" column to groups and group_users tables
- Adds trigger to automatically update "updated_at" column when a group or group_user record is updated
- Update control file to specify this as the default version
- BREAKING: Replace get_req_groups with get_user_claims
- BREAKING: Rename is_group_member to user_is_group_member
- BREAKING: Rename has_group_role to user_has_group_role
- BREAKING: Remove jwt methods (primary methods are now performant enough)
- BREAKING: Invite system now accepts multiple roles in a single invite (fixes #20)
- BREAKING: Remove set_group_owner and instead provide an example of how to implement it
- BREAKING: Remove add_group_user_by_email and instead provide an example of how to implement it
- Mark remaining read-only methods as stable
- Use auth.role() to determine authentication type (fixes #15)
- Set search paths for security definer functions (fixes #18)
- Use user-specified schema to determine search paths at time of extension creation (fixes #16)
- Add invite feature (fixes #7)
- Implement db_pre_request hook to populate request.groups context
- Add get_req_groups method to get group claims from request.groups context
- Modify jwt methods to use get_req_groups method
- Updated README.md
- Initial release