From 0770271910c56bf959690a40d428416092a84e4f Mon Sep 17 00:00:00 2001
From: Mulia Nasution <mul14@users.noreply.github.com>
Date: Tue, 24 Sep 2024 21:17:20 +0700
Subject: [PATCH 1/2] feat: grant extras

---
 pkg/supabase/query/role.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/pkg/supabase/query/role.go b/pkg/supabase/query/role.go
index 864d1e72..9f9b833a 100644
--- a/pkg/supabase/query/role.go
+++ b/pkg/supabase/query/role.go
@@ -83,13 +83,20 @@ func BuildCreateRoleQuery(role objects.Role) string {
 	BEGIN
 		IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '%s') THEN
 			CREATE ROLE %s WITH %s;
+			GRANT %s TO authenticator;
+			GRANT anon TO %s;
 		END IF;
 	END $$;
 	%s
 	GRANT %s TO authenticator;
 	COMMIT;`,
-		role.Name, role.Name, strings.Join(createRolClauses, "\n"),
-		configClause, role.Name,
+		role.Name,
+		role.Name,
+		strings.Join(createRolClauses, "\n"),
+		role.Name,
+		role.Name,
+		configClause,
+		role.Name,
 	)
 }
 

From 83698822ff8614e8b7b28d9554fde740b2d4b658 Mon Sep 17 00:00:00 2001
From: Mulia Nasution <mul14@users.noreply.github.com>
Date: Tue, 24 Sep 2024 22:37:57 +0700
Subject: [PATCH 2/2] feat: revoke grant extras

---
 pkg/supabase/query/role.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/pkg/supabase/query/role.go b/pkg/supabase/query/role.go
index 9f9b833a..b8c1cd2f 100644
--- a/pkg/supabase/query/role.go
+++ b/pkg/supabase/query/role.go
@@ -180,5 +180,12 @@ func BuildUpdateRoleQuery(newRole objects.Role, updateRoleParam objects.UpdateRo
 }
 
 func BuildDeleteRoleQuery(role objects.Role) string {
-	return fmt.Sprintf("DROP ROLE %s;", role.Name)
+	return fmt.Sprintf(`
+		REVOKE %s FROM authenticator;
+		REVOKE anon FROM %s;
+		DROP ROLE %s;`,
+		role.Name,
+		role.Name,
+		role.Name,
+	)
 }