sipher/supabase/sql_snippets/User Access Policy for Search Function.sql

-- Drop existing policies and function

DROP
POLICY IF EXISTS "Allow SUUID searches" ON public.users;

DROP
POLICY IF EXISTS "Allow SUUID searches - Exact Match" ON public.users;

DROP
POLICY IF EXISTS "Allow SUUID searches - Permissive" ON public.users;

DROP FUNCTION IF EXISTS search_users(text);


-- Create a new policy to explicitly allow SUUID searches

CREATE
POLICY "Allow SUUID searches - Exact Match" ON public.users

FOR
SELECT
    USING (

    suuid = current_setting('request.jwt.claims')::json->>'search_term'
    OR indexable = true

    );


-- Create an alternative approach: more permissive policy for SUUID searches

CREATE
POLICY "Allow SUUID searches - Permissive" ON public.users

FOR
SELECT
    USING (

    suuid = ANY (

    ARRAY (

    SELECT
    unnest(

    regexp_split_to_array(

    current_setting('request.jwt.claims')::json->>'search_term', ','

    )

    )

    )

    )
    OR indexable = true

    );


-- Create or replace the search_users function

CREATE
OR REPLACE FUNCTION public.search_users (search_term TEXT)

RETURNS TABLE (

    uuid UUID,

    suuid TEXT,

    username TEXT,

    indexable BOOLEAN,

    public_key JSONB

) AS $$

BEGIN

    -- Set the search term in the current transaction

    PERFORM
set_config('request.jwt.claims', json_build_object('search_term', search_term)::text, true);



RETURN QUERY

SELECT u.uuid,

       u.suuid::TEXT, CASE
    WHEN u.suuid = search_term OR u.indexable THEN u.username
    ELSE NULL
    END,

       u.indexable,

       u.public_key

FROM public.users u

WHERE u.suuid = search_term

   OR (
    u.indexable = true AND
    u.username ILIKE '%' || search_term || '%'
    );

END;

$$
LANGUAGE plpgsql SECURITY DEFINER;