Enforce RLS when user opted in to MFA. (#188)

* Allow Super Admin to view tables using RLS
* Replace previous usages of the Admin client with the authed client, relying on the new RLS
* Enforce MFA for Super Admin users
* Enforce RLS when user opted in to MFA.
* Add Super Admin Access Policies and Update Database Types
* Consolidate super admin logic into a single function that uses the RPC is_super_admin
* Added Super Admin E2E tests
* Fixes and improvements
* Bump version to 2.5.0
This commit is contained in:
Giancarlo Buomprisco
2025-03-02 10:21:01 +07:00
committed by GitHub
parent 9cf7bf0aac
commit 131b1061e6
61 changed files with 2193 additions and 302 deletions


@@ -8,7 +8,7 @@ select makerkit.set_identifier('owner', 'owner@makerkit.dev');
select makerkit.set_identifier('member', 'member@makerkit.dev');
select makerkit.set_identifier('custom', 'custom@makerkit.dev');
select tests.authenticate_as('member');
select makerkit.authenticate_as('member');
select throws_ok(
$$ insert into storage.objects ("bucket_id", "metadata", "name", "owner", "owner_id", "version") values
@@ -16,7 +16,7 @@ select throws_ok(
'new row violates row-level security policy for table "objects"'
);
select tests.authenticate_as('primary_owner');
select makerkit.authenticate_as('primary_owner');
select lives_ok(
$$ insert into storage.objects ("bucket_id", "metadata", "name", "owner", "owner_id", "version") values
@@ -29,7 +29,7 @@ select isnt_empty(
'The object should be inserted'
);
select tests.authenticate_as('owner');
select makerkit.authenticate_as('owner');
select is_empty(
$$ select * from storage.objects where owner = tests.get_supabase_uid('primary_owner') $$,
@@ -55,7 +55,7 @@ with check (
and auth.uid() = tests.get_supabase_uid('primary_owner')
);
select tests.authenticate_as('member');
select makerkit.authenticate_as('member');
-- user should not be able to insert into the new bucket according to the new policy
select throws_ok(
@@ -64,7 +64,7 @@ select throws_ok(
'new row violates row-level security policy for table "objects"'
);
select tests.authenticate_as('primary_owner');
select makerkit.authenticate_as('primary_owner');
-- primary_owner should be able to insert into the new bucket according to the new policy
-- this is to check the new policy system is working
@@ -88,7 +88,7 @@ with check (
and auth.uid() = tests.get_supabase_uid('owner')
);
select tests.authenticate_as('owner');
select makerkit.authenticate_as('owner');
-- insert a new object into the new bucket
--
@@ -106,7 +106,7 @@ select isnt_empty(
);
-- check other members cannot insert into the new bucket
select tests.authenticate_as('member');
select makerkit.authenticate_as('member');
select throws_ok(
$$ insert into storage.objects ("bucket_id", "metadata", "name", "owner", "owner_id", "version") values