Fix RLS Policy for Storage preventing non-uuid file names (#57)

apps/web/supabase/tests/database/storage.test.sql

@@ -75,6 +75,45 @@ select lives_ok(
         'new row violates row-level security policy for table "objects"'
 );
 
+set local role postgres;
+
+-- create a new bucket with a custom policy
+--
+create policy new_custom_bucket_policy on storage.objects for all using (
+  bucket_id = 'new_bucket'
+  and auth.uid() = tests.get_supabase_uid('owner')
+)
+with check (
+  bucket_id = 'new_bucket'
+  and auth.uid() = tests.get_supabase_uid('owner')
+);
+
+select tests.authenticate_as('owner');
+
+-- insert a new object into the new bucket
+--
+select lives_ok(
+    $$ insert into storage.objects ("bucket_id", "metadata", "name", "owner", "owner_id", "version") values
+        ('new_bucket', '{"key": "value"}', 'some name 2', tests.get_supabase_uid('primary_owner'), tests.get_supabase_uid('primary_owner'), 1); $$,
+        'The primary_owner should be able to insert a new object into the new bucket'
+);
+
+-- check the object is inserted
+--
+select isnt_empty(
+    $$ select * from storage.objects where bucket_id = 'new_bucket' $$,
+    'The object should be inserted into the new bucket'
+);
+
+-- check other members cannot insert into the new bucket
+select tests.authenticate_as('member');
+
+select throws_ok(
+    $$ insert into storage.objects ("bucket_id", "metadata", "name", "owner", "owner_id", "version") values
+        ('new_bucket', '{"key": "value"}', 'some other name', tests.get_supabase_uid('primary_owner'), tests.get_supabase_uid('primary_owner'), 1); $$,
+        'new row violates row-level security policy for table "objects"'
+);
+
 select
   *
 from