-
-
Notifications
You must be signed in to change notification settings - Fork 77
Restrict global_stats access to platform admins #1706
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Closed
+62
−4
Closed
Changes from all commits
Commits
Show all changes
35 commits
Select commit
Hold shift + click to select a range
66390bc
fix(db): restrict global_stats to admin users
riderx 655ddee
fix(db): use unique migration version for global_stats lock
riderx f00cf1c
fix(db): restrict global_stats to admin users
riderx 7989c3b
fix(db): use unique migration version for global_stats lock
riderx 04f5309
test(rls): assert empty result for non-admin global_stats access
riderx 9958797
test(rls): resolve merge conflict on global_stats access assertion
riderx 5a343ea
fix(db): restrict global_stats to admin users
riderx f0f1a7f
fix(db): use unique migration version for global_stats lock
riderx 9874eb4
test(rls): assert empty result for non-admin global_stats access
riderx c7b53e3
fix(db): restrict global_stats to admin users
riderx 8138b88
fix(db): use unique migration version for global_stats lock
riderx 534e6eb
test(rls): fix merge conflict residue after rebase
riderx 7d50b54
fix(db): restrict global_stats to admin users
riderx ba7f592
fix(db): use unique migration version for global_stats lock
riderx 13ca4ce
test(rls): assert empty result for non-admin global_stats access
riderx a00781d
fix(db): restrict global_stats to admin users
riderx 3ae7691
fix(db): use unique migration version for global_stats lock
riderx 9a79832
Merge branch 'riderx/fix-global-stats' of https://github.com/Cap-go/c…
riderx bea7ceb
fix(db): restrict global_stats to admin users
riderx abcbcba
fix(db): use unique migration version for global_stats lock
riderx a8b8aed
test(rls): assert empty result for non-admin global_stats access
riderx f2f5f3e
fix(db): restrict global_stats to admin users
riderx e98af0a
fix(db): use unique migration version for global_stats lock
riderx d00dacf
test(rls): fix merge conflict residue after rebase
riderx 1faf8d7
fix(db): restrict global_stats to admin users
riderx e509bc2
fix(db): use unique migration version for global_stats lock
riderx a9d4fe0
test(rls): assert empty result for non-admin global_stats access
riderx 39b318d
fix(db): restrict global_stats to admin users
riderx b8ef079
fix(db): use unique migration version for global_stats lock
riderx 43aecf5
fix(db): restrict global_stats to admin users
riderx 359f783
fix(db): use unique migration version for global_stats lock
riderx e2423b1
fix(db): restrict global_stats to admin users
riderx 41e9db1
fix(db): use unique migration version for global_stats lock
riderx 1b6d45a
Merge branch 'riderx/fix-global-stats' of https://github.com/Cap-go/c…
riderx 2f066a5
Merge branch 'main' into riderx/fix-global-stats
riderx File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Some comments aren't visible on the classic Files Changed page.
There are no files selected for viewing
27 changes: 27 additions & 0 deletions
27
supabase/migrations/20260227000000_restrict_global_stats_public_access.sql
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| -- ============================================================================= | ||
| -- Migration: Restrict global_stats access to platform admins only | ||
| -- ============================================================================= | ||
|
|
||
| -- Remove the permissive anonymous read policy that currently exposes KPI data. | ||
| DROP POLICY IF EXISTS "Allow anon to select" ON public.global_stats; | ||
|
|
||
| -- Replace with an admin-only read policy. | ||
| DROP POLICY IF EXISTS "Deny anon and authenticated reads" ON public.global_stats; | ||
| DROP POLICY IF EXISTS "Allow admin users to select global_stats" ON public.global_stats; | ||
| CREATE POLICY "Allow admin users to select global_stats" | ||
| ON public.global_stats | ||
| FOR SELECT TO authenticated | ||
| USING ( | ||
| EXISTS ( | ||
| SELECT | ||
| 1 | ||
| FROM | ||
| (SELECT auth.uid() AS uid) AS auth_user | ||
| WHERE | ||
| public.is_admin(auth_user.uid) | ||
| ) | ||
| ); | ||
|
|
||
| -- Remove table privileges for low-trust roles. | ||
| REVOKE ALL PRIVILEGES ON TABLE public.global_stats FROM anon, authenticated; | ||
| GRANT SELECT ON TABLE public.global_stats TO authenticated; | ||
coderabbitai[bot] marked this conversation as resolved.
Show resolved
Hide resolved
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This migration uses the
20260226000000version prefix, but that prefix is already used by20260226000000_org_rls_require_self_2fa_update.sql; Supabase migration ordering/history is version-based, so this collision can make one migration unapplied or non-deterministic across environments, which risks leavingglobal_statsaccess policy changes out of sync.Useful? React with 👍 / 👎.