supabase / supabase / 23228979213

73%

push

github

[FE-2479] chore(studio): revoke default grants in public on project creation (#43704)

When the `tableEditorApiAccessToggle` feature flag is enabled, project
creation now appends SQL to revoke default privileges for `anon`,
`authenticated`, and `service_role` on the `public` schema. This runs
after the base image init script's default grants. This is temporary
while we're still using a feature flag. Eventually it'll be moved into
the base image.

Applies to both the main project creation flow and the Vercel deploy
button flow.

Part of the "Secure by Default" initiative – new projects created under
this flag won't automatically expose tables/functions/sequences to the
Data API via default privileges. Users can still opt in at a table
level.

## Notes

Reusing the existing `useDataApiGrantTogglesEnabled()` flag here rather
than creating a new one – it's the same feature surface area and avoids
unnecessary flag proliferation.

## To test

1. **With flag enabled:**
- Enable the `tableEditorApiAccessToggle` flag in PostHog for your user
   - Create a new project via the dashboard
   - Create a new table
- Confirm in `/project/_/integrations/data_api/settings` that the new
table is not exposed by default

2. **With flag disabled:**
   - Disable the flag (or use a different user without it)
   - Create a new project
- Verify default privileges are intact and tables are accessible via the
Data API as usual

3. **With RLS event trigger enabled too:**
- Enable both the feature flag and the "enable RLS event trigger"
checkbox during project creation
   - Verify both SQL statements run correctly on the new project

---------

Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>

846 of 959 branches covered (88.22%)

Branch coverage included in aggregate %.

3119 of 4438 relevant lines covered (70.28%)

110.04 hits per line