Merge pull request #72 from sev-2/feat/grant-extras

Add extra grants for storage when create new role
sev-2 · Sep 25, 2024 · 8695817 · 8695817
2 parents b67fde0 + 8369882
commit 8695817
Showing 1 changed file with 17 additions and 3 deletions.
diff --git a/pkg/supabase/query/role.go b/pkg/supabase/query/role.go
@@ -83,13 +83,20 @@ func BuildCreateRoleQuery(role objects.Role) string {
 	BEGIN
 		IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '%s') THEN
 			CREATE ROLE %s WITH %s;
+			GRANT %s TO authenticator;
+			GRANT anon TO %s;
 		END IF;
 	END $$;
 	%s
 	GRANT %s TO authenticator;
 	COMMIT;`,
-		role.Name, role.Name, strings.Join(createRolClauses, "\n"),
-		configClause, role.Name,
+		role.Name,
+		role.Name,
+		strings.Join(createRolClauses, "\n"),
+		role.Name,
+		role.Name,
+		configClause,
+		role.Name,
 	)
 }
 
@@ -173,5 +180,12 @@ func BuildUpdateRoleQuery(newRole objects.Role, updateRoleParam objects.UpdateRo
 }
 
 func BuildDeleteRoleQuery(role objects.Role) string {
-	return fmt.Sprintf("DROP ROLE %s;", role.Name)
+	return fmt.Sprintf(`
+		REVOKE %s FROM authenticator;
+		REVOKE anon FROM %s;
+		DROP ROLE %s;`,
+		role.Name,
+		role.Name,
+		role.Name,
+	)
 }