## Summary
- Converts ~27 `executeSql` call sites in `apps/studio/data/**` to build
SQL through `safeSql` / `ident` / `literal` / `keyword` /
`joinSqlFragments` instead of raw template-string interpolation.
- Tightens the `useDatabaseCronJobCreateMutation` and
`useDatabaseEventTriggerCreateMutation` `sql`/`query` parameter types
from `string` to `SafeSqlFragment` (callers already produce one).
- Updates `getDeleteEnumeratedTypeSQL` in `packages/pg-meta` to return
`SafeSqlFragment`.
- Fixes a bug noticed while testing where Queues integration does not
correctly handle queues with uppercase names.
## Pages to manually test
- Integrations > Cron Jobs
- Integrations > Queues
- Database > Triggers > Event Triggers
- Database > Indexes
- Reports > Query Performance
- Storage
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **Bug Fixes**
* Queue lookups now correctly handle case-insensitive queue names.
* Queue table references are now properly managed and consistently
applied throughout the queue management interface.
* Improved queue name display normalization in the user interface.
* **Chores**
* Enhanced SQL query safety across the database layer through
parameterized query construction and safer templating approaches.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Fixes the RLS policies page showing self-contradictory or wrong
admonitions for tables with partial grants. Classifies each table using
the same `granted / custom / revoked` semantics used by the Data API
settings page so the two views agree on what counts as "exposed".
**Changed:**
- `PolicyTableRow` now uses `useTableApiAccessQuery` (shared cache with
the Table Editor sidebar) instead of a bespoke
`tables-roles-access-query`
- Boolean soup collapsed into a single `TableDataApiStatus`
discriminated union (`schema-not-exposed | no-grants | custom-grants |
publicly-readable | locked-by-rls | secured`) via a pure helper
- Admonition copy for `no-grants` and `locked-by-rls` updated; a table
with no policies but full grants now reads "No data will be returned via
the Data API as no RLS policies exist on this table." instead of the
earlier self-contradictory "can be accessed but no data will be
returned"
- `table-api-access-query.ts` now exposes a `grantStatus: 'granted' |
'custom'` on `access` entries — `granted` = all 3 API roles × all 4 CRUD
privileges (matches `getTableGrantsCTEs` in pg-meta)
**Added:**
- New `custom-grants` admonition: "This table has custom Data API
permissions — access may be restricted for some roles or operations."
- Unit tests for `getTableDataApiStatus`, `getTableAdmonitionMessage`,
and `isFullyGranted`
**Removed:**
- `data/tables/tables-roles-access-query.ts` and the `rolesAccess` key —
no more callers
## To test
On a project with the `public` schema exposed, for each scenario check
the admonition shown on `/project/{ref}/auth/policies`:
1. Table with full standard grants, RLS on, no policies → "No data will
be returned via the Data API as no RLS policies exist on this table."
2. Table with full standard grants, RLS off → yellow warning "can be
accessed by anyone"
3. Table with partial grants (e.g. only `GRANT SELECT ON t TO anon`) →
new "custom Data API permissions" admonition regardless of RLS state
4. Table with no anon/authenticated/service_role grants → "cannot be
accessed via the Data API"
5. Schema not in the exposed list → "schema not exposed" admonition with
link
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Tests**
* Added unit tests covering table Data API/RLS status classification and
API grant validation.
* **Refactor**
* Introduced a unified per-table API/RLS status model and reusable
utilities to derive display status and admonitions.
* Simplified UI logic to drive access indicators and warnings from the
new status.
* **Chores**
* Removed legacy role-based access query and its related keying logic.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
Bug fix & feature
## What is the current behavior?
Customers with large schemas have trouble running:
pg-meta/{ref}/tables?include_columns=false
## What is the new behavior?
In the webhooks view some users with large schemas could not click a
table name as the underlying query times out. This just adds a light
weight query and fetches the table name
## Additional context
Add any other context or screenshots.
## Summary by CodeRabbit
* **Refactor**
* Optimized table name fetching in the database interface by introducing
an enhanced query mechanism that streams table metadata more efficiently
from the database.
## Context
Shifting more dashboard queries into pg-meta so that we centralize all
manually written queries in one place
Having them in packages/pg-meta also allows us to write tests for them
## To test
Just needs a smoke test on
- Table Editor
- Fetching entities
- Viewing definition
- SQL Editor
- View ongoing queries
- Abort queries
- Integrations
- Queues
- Database
- Migrations
-Triggers (Updating)
## Problem
In local/self-hosted mode, tables incorrectly show "API disabled" even
when they have valid RLS policies.
This happens because:
1. `project.connectionString` is `null` for local/self-hosted (defaults
to null per API types)
2. `useTablesRolesAccessQuery` has `!!connectionString` in its enabled
condition
3. The query never runs, so the UI can't determine actual API access
status
## Solution
Removed `!!connectionString` check from `useTablesRolesAccessQuery`'s
enabled condition.
This is safe cause:
- likewise `executeSql` already handles null/empty connectionString via
`connectionString ?? ''`
For local/self-hosted, the query works without connectionString (pg-meta
uses direct database connection)
The query now runs and correctly works
Before:
<img width="1577" alt="Before fix - API disabled shown incorrectly"
src="https://github.com/user-attachments/assets/0510fe38-a4ff-4898-aacb-b2ec8f1a2182"
/>
After:
<img width="1128" alt="After fix - API status displays correctly"
src="https://github.com/user-attachments/assets/5784b76b-f7e7-4281-ac40-57408a17a294"
/>
- Closes#43081
Co-authored-by: Andrey A. <56412611+aantti@users.noreply.github.com>
## Problem
Editing a column from the schema visualiser requires many clicks
## Solution
When hovering over a column in the schema visualiser, an edit button
should appear on the right side. Clicking this button should open the
column edit pane on the right side of the screen. This would reduce the
number of clicks required and allow users to make edits directly from
the visualiser instead of using it only as a visual aid.
* feat(studio): show icon on tables exposed by data api
Show an icon in the Table Editor for tables that are exposed via the
Data API.
* refactor(studio): move table api access query up to parent
* fix(studio): invalidate table privileges query on table create
* fix(studio): make RLS disabled warning on table editor more obvious
Change from warning -> danger
* Only show add foreign key in side panel if isSuccess
* chore(studio): put data api exposed badge behind feature flag
Only show badge for now if flag `dataApiExposedBadge` is enabled.
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
* Bump the deps, refactor deprecated code.
* Migrate keepPreviousData usage.
* Migrate all uses of InfiniteQuery.
* Fix refetchInterval in queries.
* Migrate all use of isLoading to isPending in mutations.
* Fix accessing location in claim-project.
* Fix a bug in duplicate query keys.
* Migrate all queries to use isPending.
* Revert "Fix accessing location in claim-project."
This reverts commit 2a07df64b5.
* Revert the rss.xml file to master.
There is an edge case interaction between the Postgres query parser and
MSSQL foreign tables, where the query parser may drop sort clauses that
are redundant with applied filters. This leads to invalid MSSQL syntax,
because the resulting query has a `limit` but no `sort`, and the user
sees a confusing error message.
This PR detects this edge case on MSSQL foreign tables. There are three
cases:
1. The user filters by a column, but there are still other columns
available for sorting. The default search for a sorting column will
leave out the filtered column.
2. The user filters by a column/several columns, and there are no more
columns that can be used for sorting. We stop the query and show an
admonition.
3. The user filters by a column, then tries to sort by the same column.
We stop the query and show an admonition.
* Add custom types for queries, mutations and infinite queries.
* Migrate all queries to use the new type.
* Migrate all infinite queries to useCustomInfiniteQueryOptions.
* Migrate all mutations to use useCustomMutationOptions.
* Add type to all imports in `types` folder.
* Migrate all uses of invalidateQueries to use object syntax.
* Migrate the remainder of useInfiniteQuery.
* Migrate all setQueriesData.
* Migrate all fetchQuery uses.
* Migrate some leftover functions from RQ.
* Fix issues found by Charis.
* fix(policy editor): reduce number of table role access queries
On the Policies page, every single PolicyTableRow fires off its own
table roles access query (because each query is keyed to an individual
table). For users with many tables (400+), this causes the API to
rate-limit the dashboard.
Changed so that the table roles access query now fetches information for
the entire schema in one go, then organizes it by table.
* Nit refactors
* refactor: return minimal data from table access query
All we need to know is whether a given table has anon or authenticated
access, so just query for the list of tables that match that criteria
from information_schema.role_table_grants.
* refactor(policies page): more efficient sql query for getting anon/auth access tables
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
* fix: move table create update delete to query route
* chore: implement query to fetch a single table
* fix: retrieve table after update
* chore: assign type to update table payload
* chore: use updated table columns for edit
* chore: make executeSql castable with generic (#35685)
* Chore/refactor derivate more types from queries (#35687)
* chore: make executeSql castable with generic
* chore: derivate types from performed queries
- It allows to decouple more the frontend logic and the pg-meta/sql-query logic allowing to reduce the number of cast
and get closer types between what we do fetch and what we expect in our components
* fix: remove existing check
* chore: handle null comment and check
* fix: format check name as identifier
---------
Co-authored-by: avallete <andrew.valleteau@supabase.io>
Co-authored-by: Andrew Valleteau <avallete@users.noreply.github.com>
* init
* Update inner-side-menu.mdx
* chore: update SQL sidebar to use ui pattern components
* mor
* Update
* Update index.tsx
* init: merge table editor and sql editor and schema visualization together
* more
* move to valtio
* fix issue with Command+B shortcut
* now shows in treeviews if item is opened in tab
* Update ProjectLayout.tsx
* fix sidebar
* fix schema selector for non explorer version
* show schema name in tabs
* added schema names to tabs
* tabs have been updated to support preview tabs
* fix URL issue
* add empty state stuff
* Update SQLEditorNav.tsx
* preview tab works now
* more tabs stuff. 'new' tab also added
* new tab concept
* updates
* fix type errors
* remove unused files
* update test
* move back button, fix width issues on sidebar
* update sidebar logic
* Update ProjectLayout.tsx
* lots of updates. layouts now streamlined. localstorage for tabs in use
* moar
* bunch of new tab logic
* fix empty tab issue
* Update tabs.ts
* layouts switched
* new pages now have fixed layouts
* fix tabs
* fix code bg
* add tabs support for multiple project refs
* intialization issue
* update ID handling
* fixed isOpened state for SQL snippets
* remove old assistant because its bugging up panels
* preview style works in sql editor
* fix border
* removes preview tab if there is one
* fix background of loading skeleton
* lots of issues with types/icons/redirect
* new tab cards
* snippets in empty state now work
* moar stuff
* tabs now in feature flags
* Update tabs.ts
* Update tabs.ts
* moar
* add feature previews
* remove code not needed
* Update next-env.d.ts
* Delete FeaturePreviewModal.tsx
* fix typescript errors. remove more explorer stuff
* remove explorer files
* fixed issues with templates and quickstarts tab
* fixed active state when tabs are not opted in
* logic error
* fix open/highlight issue when opted out of tabs
* templates/quickstarts now displayed with new cards
* Update recent-items.tsx
* Update new-tab.tsx
* add icon back in
* add old empty state back in
* recent items updated to respect project ref
* localstorage cleanup on deletion
* moar
* overflow tabs now working
* correct tab names used for new sql templates/quickstarts
* ongoing queries fix
* cleanup
* update images
* Update RouteValidationWrapper.tsx
* Update AppLayout.tsx
* Update NavigationBar.tsx
* add headers back into side panels
* improve writing
* tabs now drag and drop a billion times better
* Update tabs.tsx
* Update tabs.tsx
* init issues on stores, which caused a race condition.
* fix hydration error
* fix new tab issue in sql
* Update ProjectLayout.tsx
* Update pnpm-lock.yaml
* Update new-tab.tsx
* move EditorMenuListSkeleton
* Fix type issues
* fixes: DESIGN-87
fixes: DESIGN-87
* refactor sort/filter components
* Update rules-set-button-text.tsx
* remove discussions for now
* small styling fixes
* Update FeaturePreviewModal.tsx
* Update FeaturePreviewModal.tsx
* Update RouteValidationWrapper.tsx
* revert
* revert
* revert
* revert
* revert
* more revert
* Update collapse-button.tsx
* Update SQLEditorTreeViewItem.tsx
* revert
* Update SchemaGraph.tsx
* Delete new-upcoming.tsx
* revert
* Update ProjectLayout.tsx
* fix home link
* Update table-editor.spec.ts
* test update
* Update table-editor.spec.ts
* Fix the playwright tests.
* layout fixes
* layout fix
* revert sort/filter
* Update LastSignInWrapper.tsx
* revert
* revert
* remove
* update file names
* revert
* revert
* revert
* Fix TreeView console error props
* Add guards in SQL Editor to ensure that feature preview tabs changes do not affect existing UI when flag is off
* Fix missing DefaultLayout in SQL editor templates + fix New tab
* Remove console log
* Remove DatabaseSelector for SQL editor on local
* Fix SQL editor shared favorites for local
* Fix test
* Ensure NewTab doesn't show up if flag is not toggled for SQL editor
* Decouple UI state changes from content-query and entity-types-infinite-query
* Fix tab closing unnecessary rerouting
* Beef up feature previews
* Fix create new table from table editor new tab
* Fix tabs getting incorrectly reset when going between table and SQL editors
* Fix last visited SQL snippet for both tabs and not tabs
* Fix last visited table for table editor tabs
* Clear dashboard history when closing last tab
* Fix loading dashboard history
* Add comment to refactor stores
* Ensure we only save up to 8 items for recent items for each type
* Remove unneccesary logic in tabs
* Smol style fix for DeleteAccountButton
* Smol fix
* Fix inability to close New tab
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
Co-authored-by: Alaister Young <a@alaisteryoung.com>
Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
* Update database-triggers-query to use get from data/fetchers
* Update database triggers mutation RQs to use methods from data/fetchers
* Don't cd to the directory, use the --dir parameter of pnpm.
---------
Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
* Update the design of the sonner toasts. Add the close button by default.
* Migrate studio and www apps to use the SonnerToaster.
* Migrate all toasts from studio.
* Migrate all leftover toasts in studio.
* Add a new toast component with progress. Use it in studio.
* Migrate the design-system app.
* Refactor the consent toast to use sonner.
* Switch docs to use the new sonner toasts.
* Remove toast examples from the design-system app.
* Remove all toast-related components and old code.
* Fix the progress bar in the toast progress component. Also make the bottom components vertically centered.
* Fix the width of the toast progress.
* Use text-foreground-lighter instead of muted for ToastProgress text
* Rename ToastProgress to SonnerProgress.
* Shorten the text in sonner progress.
* Use the correct classes for the close button. Add a const var for the default toast duration. Remove the custom width class from sonner.
* Set the position for all progress toasts to bottom right. Set the duration for all toasts to the default (when reusing a toast id from loading/progress toast, the duration is set to infinity).
* Fix the playwright tests.
* Refactor imports to use ui instead of @ui.
* Change all imports of react-hot-toast with sonner. These components were merged since the last commit to this branch.
* Remove react-hot-toast lib.
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
Co-authored-by: Jonathan Summers-Muir <MildTomato@users.noreply.github.com>
* Support showing views in database tables page
* Support showing materialized views in database tables page
* Support showing foreign tables in database tables page
* Prevent deleting non table entities in database/tables, consistent with table editor
* Fix invalidation logic when deleting tables in database/tables
* Add create, update and delete mutations for tables.
* Use the new mutations instead of the table store.
* Fully remove the TableStore from the MetaStore.
* Move the methods from MetaStore into pure functions in SidePanelEditor utils.
* Remove TableStore.
* Refactor the onError callbacks to be on the mutations.
* Convert some of the UIStore invocations.
* Fixed not closing the modal in case of an error. Migrate some uses of uiStore.
* Use onSettled on all RQ hooks.
* Remove the ui param to the create/updateTable functions.
* Add a missing connection string.
* Add progress bar for loading UI for importing rows
* Update apps/studio/components/interfaces/TableGridEditor/SidePanelEditor/SidePanelEditor.utils.tsx
Co-authored-by: Alaister Young <alaister@users.noreply.github.com>
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
Co-authored-by: Alaister Young <alaister@users.noreply.github.com>
* chore: increase react-query stale time
* keep staleTime: 0 for table rows
* use staleTime: 0 for all user sql queries
* use staleTime: 0 for all pg-meta queries
* Some fixes
* fix updating tables
* fix bug while editing column names
* Fix deleting column in database/tables column list not revalidating UI
* Fix updating column in database/tables column list throwing ane rror
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
* Only fetch the tables from the required schema in the MetaStore.
* Don't include the columns in the getTables API call unless a flag is passed.
* Use the new flag in the ForeignKeySelector.
* Columns should be included for the schema visualizer.
* Address comments.
* Sort by name
* Not name
* Fix
* Migrate the table query to use the new fetchers.
* Cleanup
* Cleanup
---------
Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
* Move all studio files from /studio to /apps/studio.
* Move studio specific prettier ignores.
* Fix the ui references from studio.
* Fix the css imports.
* Fix all package.json issues.
* Fix the prettier setup for the studio app.
* Add .turbo folder to prettierignore.
* Fix the github workflows.
Charis