Enable RLS on security_settings table #1576

Merged
riderx merged 4 commits into main from riderx/enable-security-rls
Feb 4, 2026

riderx commented Feb 4, 2026

Summary (AI generated)

  • Enable RLS on public.security_settings.

Test plan (AI generated)

  • bun lint:backend

Screenshots (AI generated)

  • N/A (backend-only change).

Checklist (AI generated)

  • My code follows the code style of this project and passes
    bun run lint:backend && bun run lint.
  • My change requires a change to the documentation.
  • I have updated the documentation
    accordingly.
  • My change has adequate E2E test coverage.
  • I have tested my code manually, and I have provided steps how to reproduce
    my tests

Summary by CodeRabbit

  • Security
    • Implemented access restrictions at the database level for security settings to enforce protection against unauthorized access.

Copilot AI review requested due to automatic review settings February 4, 2026 05:15

coderabbitai bot commented Feb 4, 2026

Caution

Review failed

The pull request is closed.

Walkthrough

This pull request adds a SQL migration that enables Row Level Security (RLS) on the public.security_settings table and creates a blanket deny policy for authenticated and anonymous roles, preventing all read and write access to the table.

Changes

Cohort / File(s): RLS Security Migration (supabase/migrations/20260204051137_enable_security_settings_rls.sql)
Summary: Enables RLS on public.security_settings table and creates a deny-all policy for authenticated and anon roles, blocking all access unless explicitly permitted by other policies.

Estimated Code Review Effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A bunny hops through database gates,
With RLS now sealing fates,
Security settings locked up tight,
No nibbling through—only right! 🔐

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 SQLFluff (4.0.0)
supabase/migrations/20260204051137_enable_security_settings_rls.sql

User Error: No dialect was specified. You must configure a dialect or specify one on the command line using --dialect after the command. Available dialects:
ansi, athena, bigquery, clickhouse, databricks, db2, doris, duckdb, exasol, flink, greenplum, hive, impala, mariadb, materialize, mysql, oracle, postgres, redshift, snowflake, soql, sparksql, sqlite, starrocks, teradata, trino, tsql, vertica


Copilot AI left a comment

Pull request overview

This PR introduces a migration to enable Row Level Security (RLS) on the public.security_settings singleton table to tighten security around global security cutover settings.

Changes:

  • Adds a migration that issues ALTER TABLE "public"."security_settings" ENABLE ROW LEVEL SECURITY;.

@@ -0,0 +1,2 @@
-- Enable RLS on singleton security settings table
ALTER TABLE "public"."security_settings" ENABLE ROW LEVEL SECURITY;
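
Review bot: The ALTER TABLE ... ENABLE ROW LEVEL SECURITY line has no CREATE POLICY beside it, so access control after this migration rests entirely on PostgreSQL's implicit default-deny for a table with RLS enabled and no policies. That default does not apply to the table owner or to roles with BYPASSRLS unless FORCE ROW LEVEL SECURITY is also set. Suggest extending the leading comment to say which roles are expected to keep access to the singleton row, and adding an explicit policy (or FORCE) in the same migration if the implicit behaviour is not what is intended.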

Copilot AI Feb 4, 2026

This migration enables RLS on "public.security_settings" before the table is created (the table is first created in 20260204103000_mfa_email_otp_guard.sql), so a fresh supabase db reset or a new environment applying migrations in order will fail with relation "public.security_settings" does not exist. To avoid this, move the ALTER TABLE ... ENABLE ROW LEVEL SECURITY into the migration that creates the table or add a migration that both creates the table and enables RLS, ensuring the ALTER TABLE runs only after the table exists.

Suggested change
ALTER TABLE "public"."security_settings" ENABLE ROW LEVEL SECURITY;
ALTER TABLE IF EXISTS "public"."security_settings" ENABLE ROW LEVEL SECURITY;
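
Review bot: The replacement line with IF EXISTS lets the migration pass when the table is absent, but PostgreSQL then skips the statement with a notice, so on a fresh database where 20260204103000_mfa_email_otp_guard.sql creates the table afterwards, this file never enables RLS. Prefer enabling RLS in the migration that creates the table, or give this migration a later timestamp, so that a missing table fails loudly instead of leaving the table without RLS.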

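The ordering problem raised in the review comment above can be caught before merge by replaying the migration files in timestamp order. This is an added example, not code from the PR or the project: the two file names come from this page, the CREATE TABLE body is a constructed placeholder, and `check_order` is a hypothetical helper that separates statements that fail from ones guarded by IF EXISTS.

```python
import re

# Constructed sample: the file names are the two migrations named on this page;
# the CREATE TABLE body is a placeholder, not the project's real schema.
MIGRATIONS = {
    "20260204103000_mfa_email_otp_guard.sql":
        'CREATE TABLE "public"."security_settings" (id integer PRIMARY KEY);',
    "20260204051137_enable_security_settings_rls.sql":
        'ALTER TABLE "public"."security_settings" ENABLE ROW LEVEL SECURITY;',
}

_NAME = r'((?:"?\w+"?\.)?"?\w+"?)'
CREATE_RE = re.compile(r'CREATE\s+TABLE\s+(?:IF\s+NOT\s+EXISTS\s+)?' + _NAME, re.I)
ALTER_RE = re.compile(r'ALTER\s+TABLE\s+(IF\s+EXISTS\s+)?(?:ONLY\s+)?' + _NAME, re.I)


def normalize(name):
    """Strip quotes, lowercase, and default the schema to public."""
    name = name.replace('"', '').lower()
    return name if '.' in name else 'public.' + name


def check_order(migrations):
    """Replay migrations in file-name (timestamp) order and report every
    ALTER TABLE that targets a table no earlier statement has created."""
    created, findings = set(), []
    for fname in sorted(migrations):
        sql = re.sub(r'--[^\n]*', '', migrations[fname])  # drop line comments
        events = [(m.start(), 'create', None, m.group(1)) for m in CREATE_RE.finditer(sql)]
        events += [(m.start(), 'alter', m.group(1), m.group(2)) for m in ALTER_RE.finditer(sql)]
        for _, kind, if_exists, raw in sorted(events):
            table = normalize(raw)
            if kind == 'create':
                created.add(table)
            elif table not in created:
                # With IF EXISTS the statement is skipped with a notice, so
                # the migration succeeds but the ALTER never takes effect.
                effect = 'silently skipped' if if_exists else 'fails'
                findings.append((fname, table, effect))
    return findings
```
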
riderx merged commit bdcaa46 into main Feb 4, 2026
6 of 8 checks passed
riderx deleted the riderx/enable-security-rls branch February 4, 2026 05:42
sonarqubecloud bot commented Feb 4, 2026

riderx commented Feb 5, 2026

/tip @Judel777 $70

algora-pbc bot commented Feb 5, 2026

🎉🎈 @Judel777 has been awarded $70 by Capgo! 🎈🎊
