mirror of
https://github.com/supabase/supabase.git
synced 2026-05-07 09:20:21 -04:00
Joshen Lim
5f867e5f6c
## Context Resolves FE-3077 Related discussion: https://github.com/orgs/supabase/discussions/45233 Verifying the correctness of your RLS policies set up has always been a gap, as highlighted by a number of GitHub discussions like [here](https://github.com/orgs/supabase/discussions/12269) and [here](https://github.com/orgs/supabase/discussions/14401). As such, we're piloting a dedicated UI for RLS testing (using role impersonation as the base), in which you'll be able to - Run a SQL query as a user (not logged in / logged in - this is the role impersonation part) - See which RLS policies are being evaluated as part of the query - And hopefully be able to debug which policies are not set up correctly Changes are currently set as a feature preview - and we'll iterate as we get feedback from everyone 🙂 🙏 <img width="613" height="957" alt="image" src="https://github.com/user-attachments/assets/83c37f8a-28fc-43b3-b0ff-e28571d8710c" /> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * RLS Tester: run queries as anon or authenticated users, view inferred SQL, per-table policy summaries, and data previews of accessible rows. * UI preview: new RLS Tester preview card and modal with opt-in toggle; RLS Tester sheet with role/user selector and query editor. * SQLEditor: “Explain” tab is always visible. * **Chores** * Added supporting API endpoints, background checks for table RLS status, and a local-storage flag to persist the preview opt-in. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
57 lines
1.6 KiB
TypeScript
57 lines
1.6 KiB
TypeScript
import { useMutation } from '@tanstack/react-query'
|
|
import { toast } from 'sonner'
|
|
|
|
import { constructHeaders, fetchHandler } from '@/data/fetchers'
|
|
import { BASE_PATH } from '@/lib/constants'
|
|
import { ResponseError, UseCustomMutationOptions } from '@/types'
|
|
|
|
type ParseSQLQueryVariables = { sql: string }
|
|
export type ParseSQLQueryResponse = {
|
|
tables: string[]
|
|
operation: 'SELECT' | 'INSERT' | 'UPDATE' | 'DELETE' | undefined
|
|
}
|
|
|
|
export async function parseSQLQuery({ sql }: ParseSQLQueryVariables) {
|
|
try {
|
|
const url = `${BASE_PATH}/api/parse-query`
|
|
|
|
const headers = await constructHeaders({ 'Content-Type': 'application/json' })
|
|
const response = await fetchHandler(url, {
|
|
headers,
|
|
method: 'POST',
|
|
body: JSON.stringify({ sql }),
|
|
}).then((res) => res.json())
|
|
|
|
if (response.error) throw new Error(response.error)
|
|
return response as ParseSQLQueryResponse
|
|
} catch (error) {
|
|
throw error
|
|
}
|
|
}
|
|
|
|
type ParseSQLQueryData = Awaited<ReturnType<typeof parseSQLQuery>>
|
|
|
|
export const useParseSQLQueryMutation = ({
|
|
onSuccess,
|
|
onError,
|
|
...options
|
|
}: Omit<
|
|
UseCustomMutationOptions<ParseSQLQueryData, ResponseError, ParseSQLQueryVariables>,
|
|
'mutationFn'
|
|
> = {}) => {
|
|
return useMutation<ParseSQLQueryData, ResponseError, ParseSQLQueryVariables>({
|
|
mutationFn: (vars) => parseSQLQuery(vars),
|
|
async onSuccess(data, variables, context) {
|
|
await onSuccess?.(data, variables, context)
|
|
},
|
|
async onError(data, variables, context) {
|
|
if (onError === undefined) {
|
|
toast.error(`Failed to parse query: ${data.message}`)
|
|
} else {
|
|
onError(data, variables, context)
|
|
}
|
|
},
|
|
...options,
|
|
})
|
|
}
|