Supabase: RLS policies revisit
xmliszt opened this issue · comments
Currently, our RLS policies are not ideally secure. For example, all users should not be allowed to read user's data.
This can be improved with a service_role client, which can be created on the NextJS server side.
That means this requires us to refactor the code base first: change from client components to server components and create server actions in Next14 (needs an upgrade from Next13 to Next14), or otherwise put the logic in NextJS API routes.
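
The read restriction described in this issue, sketched as an added example (not code from this repository). The table `public.users`, its `id` column matching `auth.users.id`, and the policy names are assumptions.

```sql
-- Assumed schema (not from the issue): public.users(id uuid) where id
-- equals the Supabase auth user id.

-- Weak form this kind of issue describes: any signed-in user reads every row.
--   create policy "users readable by all" on public.users
--     for select to authenticated using (true);

-- RLS must be enabled, otherwise policies are not evaluated at all.
alter table public.users enable row level security;

-- Remove the permissive policy (hypothetical name) if it exists.
drop policy if exists "users readable by all" on public.users;

-- Owner-only read: auth.uid() is the user id taken from the request JWT.
create policy "users read own row" on public.users
  for select to authenticated
  using (auth.uid() = id);

-- Owner-only update; WITH CHECK stops a user from rewriting id to
-- point the row at another account.
create policy "users update own row" on public.users
  for update to authenticated
  using (auth.uid() = id)
  with check (auth.uid() = id);

-- No policy is granted to anon, so unauthenticated requests see no rows.
-- The service_role key bypasses RLS entirely, which is why cross-user
-- reads move to server-side code. Keep that key out of any
-- NEXT_PUBLIC_ environment variable so it never reaches the browser.
```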