Enforce RLS when user opted in to MFA. (#188)

* Allow Super Admin to view tables using RLS * Replace previous usages of the Admin client using the authed client using the new RLS * Enforce MFA for Super Admin users * Enforce RLS when user opted in to MFA. * Add Super Admin Access Policies and Update Database Types * Consolidate super admin logic into a single function that uses the RPC is_super_admin * Added Super Admin E2E tests * Fixes and improvements * Bump version to 2.5.0
2025-03-02 10:21:01 +07:00
parent 9cf7bf0aac
commit 131b1061e6
61 changed files with 2193 additions and 302 deletions
--- a/apps/web/supabase/tests/database/notifications.test.sql
+++ b/apps/web/supabase/tests/database/notifications.test.sql
@@ -9,7 +9,7 @@ select tests.create_supabase_user('test1', 'test1@test.com');

 select tests.create_supabase_user('test2');

-select tests.authenticate_as('test1');
+select makerkit.authenticate_as('test1');

 -- users cannot insert into notifications
 select throws_ok(
@@ -25,7 +25,7 @@ select lives_ok(
    'service role can insert into notifications'
 );

-select tests.authenticate_as('test1');
+select makerkit.authenticate_as('test1');

 -- user can read their own notifications
 select row_eq(
@@ -48,7 +48,7 @@ select lives_ok(
    'service role can insert into notifications'
 );

-select tests.authenticate_as('member');
+select makerkit.authenticate_as('member');

 select row_eq(
    $$ select account_id, body from public.notifications where account_id = makerkit.get_account_id_by_slug('makerkit'); $$,
@@ -58,7 +58,7 @@ select row_eq(

 -- foreigners

-select tests.authenticate_as('test2');
+select makerkit.authenticate_as('test2');

 -- foreigner cannot read other user's notifications
 select is_empty(