Add a new warning about not having RLS policies in place

trathailoi · Mar 23, 2023 · 0391ce9 · 0391ce9
1 parent 1d5e7c8
commit 0391ce9
Showing 1 changed file with 36 additions and 7 deletions.
diff --git a/studio/components/interfaces/TableGridEditor/SidePanelEditor/TableEditor/TableEditor.tsx b/studio/components/interfaces/TableGridEditor/SidePanelEditor/TableEditor/TableEditor.tsx
@@ -1,6 +1,6 @@
 import { FC, useEffect, useState } from 'react'
 import { isUndefined, isEmpty } from 'lodash'
-import { Badge, Checkbox, SidePanel, Input, Alert } from 'ui'
+import { Badge, Checkbox, SidePanel, Input, Alert, IconBookOpen, Button } from 'ui'
 import type { PostgresTable, PostgresType } from '@supabase/postgres-meta'
 
 import { useStore } from 'hooks'
@@ -19,6 +19,7 @@ import {
 } from './TableEditor.utils'
 import { useForeignKeyConstraintsQuery } from 'data/database/foreign-key-constraints-query'
 import { useProjectContext } from 'components/layouts/ProjectLayout/ProjectContext'
+import Link from 'next/link'
 
 interface Props {
   table?: PostgresTable
@@ -226,18 +227,46 @@ const TableEditor: FC<Props> = ({
                   <p>
                     Restrict access to your table by enabling RLS and writing Postgres policies.
                   </p>
-                  <p>
-                    RLS is secure by default - all normal access to this table must be allowed by a
-                    policy.
-                  </p>
-                  {!tableFields.isRLSEnabled && (
+
+                  {tableFields.isRLSEnabled ? (
                     <Alert
                       withIcon
                       variant="warning"
                       className="!px-4 !py-3 mt-3"
+                      title="RLS policies are required to query data"
+                    >
+                      <p>
+                        You need to write a policy before you can query data from this table.
+                        Without a policy, querying this table will result in an <u>empty array</u>{' '}
+                        of results.
+                      </p>
+                      <p className="mt-4">
+                        <Link href="https://supabase.com/docs/guides/auth/row-level-security">
+                          <a target="_blank">
+                            <Button type="default" icon={<IconBookOpen strokeWidth={1.5} />}>
+                              RLS Documentation
+                            </Button>
+                          </a>
+                        </Link>
+                      </p>
+                    </Alert>
+                  ) : (
+                    <Alert
+                      withIcon
+                      variant="danger"
+                      className="!px-4 !py-3 mt-3"
                       title="Turning off RLS means that you are allowing anonymous access to your table"
                     >
-                      As such, anyone with the anonymous key can modify or delete your data.
+                      <p>As such, anyone with the anonymous key can modify or delete your data.</p>
+                      <p className="mt-4">
+                        <Link href="https://supabase.com/docs/guides/auth/row-level-security">
+                          <a target="_blank">
+                            <Button type="default" icon={<IconBookOpen strokeWidth={1.5} />}>
+                              RLS Documentation
+                            </Button>
+                          </a>
+                        </Link>
+                      </p>
                     </Alert>
                   )}
                 </>