mirror of
https://github.com/supabase/supabase.git
synced 2026-07-07 19:57:06 -04:00
3521ff06e1
## Context Back to working on the [RLS Tester](https://github.com/orgs/supabase/discussions/45233), slowly adding support for mutation queries. First part here will be to add support for testing `INSERT` based queries (Note that there's no changes to the sandbox stuff in this PR) ## Changes involved - If testing an `INSERT` query, we show a big warning first that the query will be ran on the actual DB - Note that we skip the warning if the sandbox is used <img width="534" height="231" alt="image" src="https://github.com/user-attachments/assets/ef75a0c9-61e4-49b0-9d78-458e8e5f7f4f" /> - If the testing as an anon user + RLS enabled <img width="601" height="386" alt="image" src="https://github.com/user-attachments/assets/b21f048d-bac1-4ddd-b84b-c231ae9f9e3e" /> - If testing as an auth-ed user + RLS enabled, but the INSERT violates RLS (conditions don't meet) <img width="604" height="489" alt="image" src="https://github.com/user-attachments/assets/41c40486-48d5-4eee-b7cd-8f993edc47be" /> - Else if testing as an auth-ed user + RLS enabled and INSERT matches RLS <img width="612" height="402" alt="image" src="https://github.com/user-attachments/assets/41854b40-b351-408b-8d23-cc5e0fa40813" /> - Minor cosmetic layout change here - Use layout horizontal - Also added the user ID below the dropdown with click to copy action for convenience <img width="615" height="528" alt="image" src="https://github.com/user-attachments/assets/b9c04395-5435-474a-b3c5-640143faa782" /> - Added inline guard againsts some conditions - Should not be able to run UPDATE or DELETE queries <img width="622" height="319" alt="image" src="https://github.com/user-attachments/assets/351af7c6-8f1e-47ae-8651-3b9b0b512490" /> - Should not be able to run multiple queries <img width="612" height="317" alt="image" src="https://github.com/user-attachments/assets/603d9a1f-1d1f-40f2-806d-93aea6b6cf8e" /> ## To test - [ ] Verify that the RLS Tester works as expected for an insert query - Against actual DB - Against sandbox (only available on staging) - [ ] Verify that inline guards are all working as expected - Let me know if there's any edge cases I might have missed! <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * RLS Tester results are now operation-aware (SELECT vs mutations), with clearer “no rows/all rows” and policy evaluation explanations. * Added copy-to-clipboard for the impersonated user ID. * Query parsing now surfaces richer context, including WHERE clause details and statement count, and SELECT-only previews. * **Bug Fixes** * Improved handling of blocked mutation queries and RLS-related error messaging. * Updated RLS Tester navigation to the correct policies page. * Refined sandbox-assisted execution flow and empty/error states. <!-- end of auto-generated comment: release notes by coderabbit.ai -->