feat: add RLS policies to organizations table

[devin-ai-integration]

Add RLS policies to organizations table

Description

This PR implements Row Level Security (RLS) policies for the organizations table according to the ADR on applying RLS to all tables with organization-based policies.

Changes

• Enable RLS on the organizations table
• Add policies for authenticated users (SELECT, INSERT, UPDATE, DELETE)
• Add policies for service_role to allow backend operations

Related Issues

ADR: Apply RLS to All Tables with Organization-based Policies

Link to Devin run

https://app.devin.ai/sessions/dc858d720b6746b49b672101a932e353

Requested by

[email protected]

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
liam-app	❌ Failed (Inspect)			Apr 25, 2025 0:55am
liam-erd-sample	🛑 Canceled (Inspect)		💬 Add feedback	Apr 25, 2025 0:55am

1 Skipped Deployment

Name	Status	Preview	Comments	Updated (UTC)
liam-docs	⬜️ Ignored (Inspect)	Visit Preview		Apr 25, 2025 0:55am

[changeset-bot]

⚠️ No Changeset found

Latest commit: d2c1b05

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[supabase]

Updates to Preview Branch (devin/1745584509-add-rls-to-organizations-table) ↗︎

Deployments	Status	Updated
Database	✅	Fri, 25 Apr 2025 12:43:20 UTC
Services	✅	Fri, 25 Apr 2025 12:43:20 UTC
APIs	✅	Fri, 25 Apr 2025 12:43:20 UTC

Tasks are run on every commit but only new migration files are pushed.
Close and reopen this PR if you want to apply changes from existing seed or migration files.

Tasks	Status	Updated
Configurations	✅	Fri, 25 Apr 2025 12:43:20 UTC
Migrations	✅	Fri, 25 Apr 2025 12:43:20 UTC
Seeding	✅	Fri, 25 Apr 2025 12:43:20 UTC
Edge Functions	✅	Fri, 25 Apr 2025 12:43:20 UTC

---

View logs for this Workflow Run ↗︎.
Learn more about Supabase for Git ↗︎.

[qodo-merge-pro-for-open-source]

CI Feedback 🧐

(Feedback updated until commit d2c1b05)

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: frontend-ci

Failed stage: Run pnpm test:turbo [❌]

Failure summary: The action failed during the build process of the @liam-hq/db package. The TypeScript compiler encountered errors in the file src/index.ts with multiple instances of the same error: Error TS2306: File '/home/runner/work/liam/liam/frontend/packages/db/supabase/database.types.ts' is not a module. This error appears on lines 6, 13, 14 in src/index.ts and line 2 in src/types/supabase-overrides/index.ts. The build command failed with exit code 2, causing the entire workflow to fail.

Relevant error logs: 1: ##[group]Operating System 2: Ubuntu ... 155: ##[group]Run pnpm install --frozen-lockfile --prefer-offline 156: �[36;1mpnpm install --frozen-lockfile --prefer-offline�[0m 157: shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0} 158: env: 159: PNPM_HOME: /home/runner/setup-pnpm/node_modules/.bin 160: ##[endgroup] 161: Scope: all 17 workspace projects 162: Lockfile is up to date, resolution step is skipped 163: Progress: resolved 1, reused 0, downloaded 0, added 0 164: Packages: +1566 165: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 166: Progress: resolved 1566, reused 1303, downloaded 0, added 0 167: Progress: resolved 1566, reused 1561, downloaded 0, added 553 168: Progress: resolved 1566, reused 1561, downloaded 0, added 1437 169: Progress: resolved 1566, reused 1561, downloaded 0, added 1566, done 170: WARN  Failed to create bin at /home/runner/work/liam/liam/frontend/apps/erd-sample/node_modules/.bin/liam. ENOENT: no such file or directory, open '/home/runner/work/liam/liam/frontend/packages/cli/dist-cli/bin/cli.js' 171: devDependencies: ... 184: │ │ 185: │ Ignored build scripts: @biomejs/biome, @bundled-es-modules/glob, │ 186: │ @depot/cli, @prisma/client, @prisma/engines, @sentry/cli, core-js-pure, │ 187: │ esbuild, protobufjs, sharp, style-dictionary. │ 188: │ Run "pnpm approve-builds" to pick which dependencies should be allowed │ 189: │ to run scripts. │ 190: │ │ 191: ╰──────────────────────────────────────────────────────────────────────────────╯ 192: frontend/packages/jobs postinstall$ cp ../db-structure/node_modules/@ruby/prism/src/prism.wasm prism.wasm 193: frontend/apps/docs postinstall$ fumadocs-mdx 194: frontend/packages/jobs postinstall: Done 195: frontend/apps/docs postinstall: [MDX] types generated 196: frontend/apps/docs postinstall: Done 197: frontend/apps/app postinstall$ cp ../../packages/db-structure/node_modules/@ruby/prism/src/prism.wasm prism.wasm 198: frontend/apps/app postinstall: Done 199: WARN  Failed to create bin at /home/runner/work/liam/liam/frontend/apps/erd-sample/node_modules/.bin/liam. ENOENT: no such file or directory, open '/home/runner/work/liam/liam/frontend/apps/erd-sample/node_modules/@liam-hq/cli/dist-cli/bin/cli.js' 200: Done in 5.7s using pnpm v10.8.1 ... 639: 4f4fb700ef54: Verifying Checksum 640: 4f4fb700ef54: Download complete 641: 9ced58d1ef15: Verifying Checksum 642: 9ced58d1ef15: Download complete 643: 6bbeea27f58c: Verifying Checksum 644: 6bbeea27f58c: Download complete 645: d261077062b2: Pull complete 646: 2babd04ec7b1: Pull complete 647: 6bbeea27f58c: Pull complete 648: 2b092e92b1a0: Pull complete 649: 9ced58d1ef15: Pull complete 650: 4f4fb700ef54: Pull complete 651: Digest: sha256:4bc04aca94a44f04b427a490f346e7397ef7ce61fe589d718f744f7d92cb5c80 652: Status: Downloaded newer image for public.ecr.aws/supabase/vector:0.28.1-alpine 653: 2.8.1: Pulling from supabase/kong 654: failed to display json stream: toomanyrequests: Rate exceeded 655: Retrying after 4s: public.ecr.aws/supabase/kong:2.8.1 ... 927: [css] Wrote /home/runner/work/liam/liam/frontend/packages/ui/src/components/IconButton/IconButton.module.css.d.ts 928: [css] Wrote /home/runner/work/liam/liam/frontend/packages/ui/src/components/DropdownMenu/DropdownMenu.module.css.d.ts 929: [css] Wrote /home/runner/work/liam/liam/frontend/packages/ui/src/components/GridTable/GridTable.module.css.d.ts 930: [css] Wrote /home/runner/work/liam/liam/frontend/packages/ui/src/components/CookieConsent/CookieConsent.module.css.d.ts 931: [css] Wrote /home/runner/work/liam/liam/frontend/packages/ui/src/components/Drawer/Drawer.module.css.d.ts 932: [css] Wrote /home/runner/work/liam/liam/frontend/packages/ui/src/components/Callout/Callout.module.css.d.ts 933: [css] Wrote /home/runner/work/liam/liam/frontend/packages/ui/src/components/Button/Button.module.css.d.ts 934: [css] Wrote /home/runner/work/liam/liam/frontend/packages/ui/src/components/Avatar/Avatar.module.css.d.ts 935: [css] Wrote /home/runner/work/liam/liam/frontend/packages/ui/src/styles/globals.css.d.ts 936: [css] pnpm run gen:css exited with code 0 937: ##[endgroup] 938: �[;31m@liam-hq/db:build�[;0m 939: cache miss, executing 527bceaa04b715d6 940: > @liam-hq/[email protected] build /home/runner/work/liam/liam/frontend/packages/db 941: > tsc 942: ##[error]src/index.ts(6,31): error TS2306: File '/home/runner/work/liam/liam/frontend/packages/db/supabase/database.types.ts' is not a module. 943: ##[error]src/index.ts(13,31): error TS2306: File '/home/runner/work/liam/liam/frontend/packages/db/supabase/database.types.ts' is not a module. 944: ##[error]src/index.ts(14,29): error TS2306: File '/home/runner/work/liam/liam/frontend/packages/db/supabase/database.types.ts' is not a module. 945: ##[error]src/types/supabase-overrides/index.ts(2,52): error TS2306: File '/home/runner/work/liam/liam/frontend/packages/db/supabase/database.types.ts' is not a module. 946: ELIFECYCLE  Command failed with exit code 2. 947: [ERROR] command finished with error: command (/home/runner/work/liam/liam/frontend/packages/db) /home/runner/setup-pnpm/node_modules/.bin/pnpm run build exited (2) 948: ##[group]@liam-hq/erd-core:gen ... 953: ##[group]@liam-hq/db-structure:test 954: cache miss, executing 857612c915dfe7d4 955: > @liam-hq/[email protected] test /home/runner/work/liam/liam/frontend/packages/db-structure 956: > vitest --watch=false 957: ##[endgroup] 958: ##[group]@liam-hq/db-structure:build 959: cache miss, executing 66d8ac31d7030990 960: > @liam-hq/[email protected] build /home/runner/work/liam/liam/frontend/packages/db-structure 961: > tsc && pnpm run cp:prism 962: ##[endgroup] 963: ##[group]@liam-hq/github:build 964: cache miss, executing 4ab10ec8291930b4 965: > @liam-hq/[email protected] build /home/runner/work/liam/liam/frontend/packages/github 966: > tsc 967: ##[endgroup] 968: ##[error]@liam-hq/db#build: command (/home/runner/work/liam/liam/frontend/packages/db) /home/runner/setup-pnpm/node_modules/.bin/pnpm run build exited (2) 969: Tasks: 3 successful, 8 total 970: Cached: 0 cached, 8 total 971: Time: 4.358s 972: Failed: @liam-hq/db#build 973: ERROR run failed: command exited (2) 974: ELIFECYCLE  Command failed with exit code 2. 975: ##[error]Process completed with exit code 2. 976: Post job cleanup.