-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathallow_insecure_access.sql
More file actions
29 lines (23 loc) · 1.21 KB
/
allow_insecure_access.sql
File metadata and controls
29 lines (23 loc) · 1.21 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
-- ⚠️ ALLOW INSECURE ACCESS (For Testing "No Security" Mode)
-- Run this script if you are testing the app without email confirmation/login
-- and relying on the URL parameter bypass.
-- 1. Enable RLS (It's safer to keep it enabled and add permissive policies than to disable it entirely)
ALTER TABLE public.users ENABLE ROW LEVEL SECURITY;
-- 2. Drop existing restrictive policies (if any conflict)
DROP POLICY IF EXISTS "Users can insert their own profile" ON public.users;
DROP POLICY IF EXISTS "Users can update their own profile" ON public.users;
DROP POLICY IF EXISTS "Users can view their own profile" ON public.users;
DROP POLICY IF EXISTS "Users can view own profile" ON public.users;
DROP POLICY IF EXISTS "Users can update own profile" ON public.users;
DROP POLICY IF EXISTS "Users can insert own profile" ON public.users;
-- 3. Create Permissive Policies (Allow ANYONE to read/write)
-- This allows the "no security" mode to work by letting unauthenticated users update the table.
CREATE POLICY "Allow public insert"
ON public.users FOR INSERT
WITH CHECK (true);
CREATE POLICY "Allow public update"
ON public.users FOR UPDATE
USING (true);
CREATE POLICY "Allow public select"
ON public.users FOR SELECT
USING (true);