Next.js Server Component role base access with Supabase
HTML-код
- Опубликовано: 8 сен 2024
- In this video I am going to show you how to do Role base access with Supabase and Next.js Server Component.
Code
github.com/Che...
Doc and tutorial
- dev.to/sruhled...
- • Implement Authorizatio... @Supabase
Support the channel : 🙏🌸
- donate 🌻: / dailywebcoding
Follow me: 👇
- Discord: / discord
- Github: github.com/Che...
I think supabase just updated the UI. right now you can do it in the sql editor and create the trigger from there by using this command.
create trigger after insert on auth.users for each row execute function ();
Apologises for being thick but could you tell me where I need to add this code?
Thank you again for your help, Mark
@@markbroomfield1818 In supabase dashboard sidebar. You can find SQL Editor. That's where you can run the code above
@@DailyWebCoding Apologies, I understand it needs to be added to the SQL Editor. However, does it need to be attached to anything else or just a seperate code and run? Thanks Mark
@@markbroomfield1818 ruclips.net/video/mcrqn77lUmM/видео.htmlsi=GiVaHvcrioXb9bZY you can check this video. Hope is can help you
@@DailyWebCoding Thank you so much for the quick work around on this.
Works a treat, great channel and please keep up the amazing work. Thanks Mark
There is one security problem with that aproach that you all guys have to be aware of.
If you make a "user" or "profile" table where you store all the user info like, name, avatar, settings, etc and you store the role on that same table you have a security issue there.
Because you will probably make a Row Level Security where you are going to allow users edit their own row in "user" table, therefore the user will have access to change his own role to "admin".
To solve this you have to add the "role" column on a different table and that table should have a Row Level Security that only allows to read and not to write/update.
gracias falcon, aprendi mucho de ti en un inicio y vaya sorpresa con el comentario, tienes razon!
@@guillermomarindavila5779 Muchas gracias a ti por ver mis videos, me alegra que te sirvieran!
thnx
Amazing video :) Please continue !
Thank you ❤️
Perfect tutorial, I was confused with managing the user accesses, this one cleared all the doubts, thanks ❤
Glad it helped!
Brilliant video - just what I needed. Thanks (and subscribed).
nice video and nice line-height
so clearly. thank you
we want more... ❤ could you do supabase and stripe?
I will look into that. Thank you for your suggestion.
Yes! stripe-supa -next 13.4-jotai
Great videos, thanks! Could you do one where anyone visiting the site can view the all the posts, but only an admin can update the posts that belong to them?
Thank you for your suggestion. I will try to do that.
yes pleaSE ! @@DailyWebCoding
Hello, great tutorial 👍 !
Everything was going fine until when I needed to select the auth table (timestamp 06:23) in the trigger ui. Only my public tables were available and not anything else! Is there a reason why I can't make triggers from any of the locked shemas?
Can you help. Thanks, Mark
currently facing the same thing right now, did you find the solution?
I think supabase just updated the UI. right now you can do it in the sql editor and create the trigger from there by using this command.
create trigger after insert on auth.users for each row execute function ();
hi a beginner here, why i cant choose the users from the trigger option right now ?
I think supabase just updated the UI. right now you can do it in the sql editor and create the trigger from there by using this command.
create trigger after insert on auth.users for each row execute function ();
I think a regional manager with several managers with several teams. Managers should only see their teams… etc. I’ve been thinking about how to make this works for several years now as I have learned to code.
Supabase has a roles column in auth.users I tried to use that but maybe that is not how it is supposed to be used maybe that's only there to be managed for supabase? I created a custom role give it to a user but then when I made the rule it was simply not working, of course I gave the user in auth.users that custom role but then I had to change it back to authenticated then update the rule and it worked normally.
You can check my latest video about role management in supabase Build Role Access Dashboard with Next.js 14,Supabase, Shadcn,Tailwind
ruclips.net/video/D7BzpvHM6JI/видео.html
nice video, i have a qustion, how can i change the role using params? i need create multiples roles
Currently I am working on a new video about this as well. Stay tuned for that
Are there any security flaws using this method?
Yes, that if you make a row level security that allows the user to update his profile or user info and is on the same table as the rol then he has access to update his role and set it to "admin" giving him self permissions.
One way to fix this is to have 2 diferent tables for the user, one for his data and other one for his role or permissions.
i am getting this error while sign up AuthApiError: duplicate key value violates unique constraint "user_pkey" as i am created trigger from sql editor
But how to set role while we signup not with supabase?
I need this too 😭 did you ever figure it out?
@@rgorai1029 yeah i make another table that containing userprofile and role and after signup an get token user need to set his role
@@rgorai1029 me too
sir can you create a react version of this please I dont understang nextJS
hey bro can you updated this please I need this and the role please dont just put the role in it manuall make it dynamic, also please take it slow man you kind super fast
Build Role Access Dashboard with Next.js 14,Supabase, Shadcn,Tailwind
ruclips.net/video/D7BzpvHM6JI/видео.html
You can check this one
@@DailyWebCoding thank you sir, are you able to create a video like this with reactJS alone please
Your head is covering code ... we really didn't need to see your face ... we just needed to see code which we couldn't for your head which makes this video useless ...