Status: Open
Labels: enhancement (New feature or request)
Description
User Story
As a user, I want to only be able to see my own liked courses in the courses_likes table so that my personal preferences remain private and secure.
Acceptance Criteria
- A row-level security (RLS) policy is implemented on the courses_likes table, ensuring users can only view their own liked courses.
- A database migration is created to apply the new RLS policy.
- Tests are written to verify that:
  - ✅ A user can see their own liked courses.
  - ✅ A user cannot see another user's liked courses.
- Proof of work is provided (e.g., screenshots of tests passing, SQL query results demonstrating correct access control).
Problem Statement
Currently, the courses_likes table does not have a row-level security policy, meaning users might have access to other users' liked courses. Implementing proper RLS ensures that each user can only see their own liked courses, improving data security and privacy.
Proposed Implementation
- Enable RLS on the courses_likes table if not already enabled.
- Write a row-level security policy that restricts access to only the user who created the entry (e.g., using auth.uid() = user_id).
- Create a migration file to apply the policy.
- Write test cases to verify the expected behavior.
- Provide proof of work, such as screenshots of test results or running SQL queries.
Additional Context
- The policy should follow the standard format used in Supabase for RLS.
- Testing can be done via SQL queries or using a Supabase SDK in a script (inside @app/tests).
- Proof of work can be attached as SQL query logs, test output, or screenshots.
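A sketch of the migration and an SQL-level check for the steps proposed above, added here as an illustration and not taken from the project's code. It assumes the table lives in the public schema, that user_id is a uuid column, that the standard Supabase roles authenticated and anon exist, and that auth.uid() resolves the "sub" claim from the request.jwt.claims setting; the policy name and the UUID are constructed placeholders.

```sql
-- Migration. Policy name is hypothetical; schema "public" and a uuid
-- user_id column are assumptions.
alter table public.courses_likes enable row level security;

create policy "Users can view their own liked courses"
  on public.courses_likes
  for select
  to authenticated
  using (auth.uid() = user_id);

-- With RLS enabled, commands that have no policy (INSERT, UPDATE, DELETE
-- here) are denied for non-owner roles, so liking and unliking a course
-- need their own policies.

-- Verification, run from a privileged session (e.g. the SQL editor).
-- The UUID is a constructed placeholder for test user "A".
begin;
  set local role authenticated;
  -- Simulate user A's JWT for this transaction only.
  select set_config('request.jwt.claims',
    '{"sub":"00000000-0000-0000-0000-00000000000a","role":"authenticated"}',
    true);

  do $$
  declare
    leaked bigint;
  begin
    -- Any visible row owned by someone else is a policy failure.
    select count(*) into leaked
      from public.courses_likes
     where user_id is distinct from auth.uid();
    if leaked > 0 then
      raise exception 'RLS leak: % rows from other users visible', leaked;
    end if;
  end $$;

  -- Proof-of-work output: rows visible to user A, grouped by owner.
  select user_id, count(*) from public.courses_likes group by user_id;
rollback;

-- Unauthenticated requests match no policy; a permission error here
-- (no SELECT grant for anon) also means no rows are readable.
begin;
  set local role anon;
  do $$
  begin
    if exists (select 1 from public.courses_likes) then
      raise exception 'RLS leak: anon can read courses_likes';
    end if;
  end $$;
rollback;
```

The check only proves isolation if the table already holds likes from at least two different users, one of them matching the simulated "sub" value.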