Commit 3bc4787

chore(claude): update test-sync-roundtrip-rls command to reflect the updated integration with RLS
1 parent 9ea552f commit 3bc4787

1 file changed

+2
-11
lines changed

.claude/commands/test-sync-roundtrip-rls.md

Lines changed: 2 additions & 11 deletions
@@ -112,31 +112,25 @@ Inside psql:
112112
8. Create RLS policies based on the user's description. Example for "user can only access their own rows":
113113
```sql
114114
-- SELECT: User can see rows they own
115-
-- Helper function fallback handles ON CONFLICT edge cases where user_id resolves to EXCLUDED row
116115
CREATE POLICY "select_own_rows" ON <table_name>
117116
FOR SELECT USING (
118117
auth.uid() = user_id
119-
OR auth.uid() = <table_name>_get_owner(id)
120118
);
121119

122-
-- INSERT: Allow if user_id matches auth.uid() OR is default (cloudsync staging)
120+
-- INSERT: Allow if user_id matches auth.uid()
123121
CREATE POLICY "insert_own_rows" ON <table_name>
124122
FOR INSERT WITH CHECK (
125123
auth.uid() = user_id
126-
OR user_id = '00000000-0000-0000-0000-000000000000'::uuid
127124
);
128125

129-
-- UPDATE: Check ownership via explicit lookup, allow default for staging
126+
-- UPDATE: Check ownership via explicit lookup
130127
CREATE POLICY "update_own_rows" ON <table_name>
131128
FOR UPDATE
132129
USING (
133130
auth.uid() = user_id
134-
OR auth.uid() = <table_name>_get_owner(id)
135-
OR user_id = '00000000-0000-0000-0000-000000000000'::uuid
136131
)
137132
WITH CHECK (
138133
auth.uid() = user_id
139-
OR user_id = '00000000-0000-0000-0000-000000000000'::uuid
140134
);
141135

142136
-- DELETE: User can only delete rows they own
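Review bot: The comment on the UPDATE policy (new line 126) still reads "Check ownership via explicit lookup", but the `<table_name>_get_owner(id)` branch it described is removed from the USING clause in this same hunk, so the policy now only compares `auth.uid() = user_id`. Reword it to match what the policy does, for example `-- UPDATE: User can only update rows they own`, in line with the SELECT and DELETE comments. Separately, the `'00000000-0000-0000-0000-000000000000'::uuid` branch is dropped from the INSERT and UPDATE WITH CHECK clauses, so a row written with the default owner is now rejected; if the updated integration guarantees the real `user_id` is always present on write, a one-line comment saying so would make that dependency explicit for whoever runs this test.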
@@ -148,9 +142,6 @@ Inside psql:
148142
9. Initialize cloudsync: `SELECT cloudsync_init('<table_name>');`
149143
10. Insert some initial test data (optional, can be done via SQLite clients)
150144

151-
**Why these specific policies?**
152-
CloudSync uses `INSERT...ON CONFLICT DO UPDATE` for field-by-field synchronization. During conflict detection, PostgreSQL's RLS may compare `auth.uid()` against the EXCLUDED row's `user_id` (which has the default value) instead of the existing row's `user_id`. The helper function explicitly looks up the existing row's owner to work around this issue. See `docs/postgresql/RLS.md` for detailed explanation.
153-
154145
### Step 5: Get JWT Tokens for Two Users
155146

156147
Get JWT tokens for both test users by running the token script twice:
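Review bot: Removing the "Why these specific policies?" paragraph also drops the pointer to `docs/postgresql/RLS.md`, and this commit touches one file only, so that document is not updated here. If it still describes the helper-function workaround for `INSERT...ON CONFLICT DO UPDATE`, it now disagrees with the simplified policies in step 8; either update it alongside this change or keep a short reference here stating why the plain `auth.uid() = user_id` checks are sufficient with the updated integration.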
