HIGHArchitecturemediumNext.js + Supabase Standards

Use a helper function for org-scoped RLS checks

Create an is_org_member(org_id) SECURITY DEFINER function and use it in all org-scoped RLS policies.

Why This Matters

Repeating the access check logic inline in every policy is error-prone. A centralized helper ensures consistency and is easier to update.

Related Rules

Use route groups to organize app sections

Architecture

HIGH

Colocate page files with their route segment

Architecture

MEDIUM

Use (select auth.uid()) instead of auth.uid() in policies

Performance

MEDIUM

Use kebab-case for file and directory names

Quality

MEDIUM

Catch this automatically on every PR

BeforeMerge scans your pull requests against this rule and 3+ others. Get actionable feedback before code ships.

Join Waitlist Browse All Rules

Why This Matters

A centralized helper function:

Single source of truth for access logic
Easy to update — change one function, all policies use it
SECURITY DEFINER — runs with elevated privileges to check profile table

Good

CREATE FUNCTION is_org_member(org_id uuid) RETURNS boolean AS $$
  SELECT EXISTS (
    SELECT 1 FROM profile
    WHERE user_id = auth.uid()
    AND organization_id = org_id
  )
$$ LANGUAGE sql SECURITY DEFINER;
 
-- All policies use the same helper
CREATE POLICY "org_access" ON scans USING (is_org_member(organization_id));
CREATE POLICY "org_access" ON findings USING (is_org_member(organization_id));

Use a helper function for org-scoped RLS checks

Why This Matters

Tags

Related Rules

Catch this automatically on every PR

Why This Matters

Good