1 00:00:01,290 --> 00:00:04,890 ‫So now let's attempt to access our data 2 00:00:04,890 --> 00:00:07,680 ‫from Supabase on our local computer, 3 00:00:07,680 --> 00:00:11,223 ‫and then we're gonna learn about row-level security. 4 00:00:12,900 --> 00:00:17,900 ‫So back here in Supabase, let's now come to this API docs. 5 00:00:19,350 --> 00:00:23,250 ‫So basically, Supabase automatically creates an entire 6 00:00:23,250 --> 00:00:27,300 ‫API documentation for all of our tables, 7 00:00:27,300 --> 00:00:30,510 ‫so that's really helpful, and so let's check it out 8 00:00:30,510 --> 00:00:32,223 ‫here for the cabins. 9 00:00:33,300 --> 00:00:36,390 ‫So essentially, we can access our data 10 00:00:36,390 --> 00:00:40,200 ‫using the JavaScript library, so by using this, 11 00:00:40,200 --> 00:00:43,590 ‫and then all we have to do is to copy this code, 12 00:00:43,590 --> 00:00:48,300 ‫or we can use it as an actual RESTful API. 13 00:00:48,300 --> 00:00:50,910 ‫So, that's what this here is. 14 00:00:50,910 --> 00:00:55,478 ‫So we can basically just send a request to this URL 15 00:00:55,478 --> 00:00:58,080 ‫right here, where this first part here 16 00:00:58,080 --> 00:01:02,910 ‫is the URL of our project, and then we have here our table 17 00:01:02,910 --> 00:01:05,580 ‫and then all the columns that we want. 18 00:01:05,580 --> 00:01:10,260 ‫Then we need to send our API key, and then here again, 19 00:01:10,260 --> 00:01:13,330 ‫that key has an authorization header. 20 00:01:13,330 --> 00:01:16,680 ‫So let's actually try to do that here. 21 00:01:16,680 --> 00:01:19,710 ‫And so for each of the table columns, 22 00:01:19,710 --> 00:01:22,980 ‫we have a different example here that we can copy, 23 00:01:22,980 --> 00:01:26,553 ‫but let's come to the one where we read all the rows. 24 00:01:28,470 --> 00:01:31,680 ‫So then let's come here, where it says that the project 25 00:01:31,680 --> 00:01:35,580 ‫API key is hidden, and so then here we need to select 26 00:01:35,580 --> 00:01:38,520 ‫that we actually want to show our public, 27 00:01:38,520 --> 00:01:40,653 ‫so this anon key right here. 28 00:01:41,490 --> 00:01:45,540 ‫And so then basically this here is the key 29 00:01:45,540 --> 00:01:49,950 ‫that we can use on the front end to access our data, 30 00:01:49,950 --> 00:01:51,690 ‫but more about that later. 31 00:01:51,690 --> 00:01:53,760 ‫For now, let's just copy this code 32 00:01:53,760 --> 00:01:56,490 ‫and paste it into some terminal, 33 00:01:56,490 --> 00:01:59,520 ‫because this is going to be a curl request. 34 00:01:59,520 --> 00:02:03,720 ‫So curl is basically to make some HTTP requests 35 00:02:03,720 --> 00:02:05,403 ‫right in the terminal. 36 00:02:06,450 --> 00:02:09,883 ‫So let's paste that in, then let's hit enter, 37 00:02:09,883 --> 00:02:14,883 ‫and we don't get an error, which is already a success. 38 00:02:15,480 --> 00:02:19,200 ‫Now, we also don't get any data, so instead, 39 00:02:19,200 --> 00:02:22,590 ‫we only get this empty array here, and so the reason 40 00:02:22,590 --> 00:02:26,490 ‫for that is the row-level security that we enabled 41 00:02:26,490 --> 00:02:30,570 ‫at the very beginning when we first created this table. 42 00:02:30,570 --> 00:02:33,540 ‫So what these row-level security tables do 43 00:02:33,540 --> 00:02:37,260 ‫is to prevent anyone who owns this key here 44 00:02:37,260 --> 00:02:41,700 ‫from basically doing whatever they want with our database. 45 00:02:41,700 --> 00:02:44,700 ‫So if it wasn't for the role level security 46 00:02:44,700 --> 00:02:49,700 ‫or RLS policies then whoever had this key here could really, 47 00:02:49,963 --> 00:02:52,170 ‫for example, delete our database 48 00:02:52,170 --> 00:02:54,840 ‫or edit whatever they wanted. 49 00:02:54,840 --> 00:02:57,960 ‫So of course, we don't want that to happen. 50 00:02:57,960 --> 00:03:00,930 ‫We only want certain operations to be allowed, 51 00:03:00,930 --> 00:03:04,500 ‫and so that's why we can cert, and so that's what we can set 52 00:03:04,500 --> 00:03:07,290 ‫these RLS policies for. 53 00:03:07,290 --> 00:03:10,582 ‫So, row-level security policies. 54 00:03:10,582 --> 00:03:14,340 ‫So let me show you how we can do that. 55 00:03:14,340 --> 00:03:19,020 ‫So let's come here to authentication. 56 00:03:19,020 --> 00:03:22,500 ‫Yeah, and then here is policies. 57 00:03:22,500 --> 00:03:25,829 ‫So let's click on policies, and then here, 58 00:03:25,829 --> 00:03:27,840 ‫we have our four tables. 59 00:03:27,840 --> 00:03:30,810 ‫And by the way, if you're wondering why we didn't create 60 00:03:30,810 --> 00:03:33,690 ‫that users table for authentication, 61 00:03:33,690 --> 00:03:36,480 ‫it's because we will do that separately. 62 00:03:36,480 --> 00:03:39,030 ‫So the Supabase authentication feature 63 00:03:39,030 --> 00:03:42,300 ‫doesn't require us to manually create a table, 64 00:03:42,300 --> 00:03:45,750 ‫but instead, Supabase will do that automatically. 65 00:03:45,750 --> 00:03:49,500 ‫Our users are then gonna be saved here in this table. 66 00:03:49,500 --> 00:03:51,000 ‫But for now, let's stay here 67 00:03:51,000 --> 00:03:53,793 ‫on these row-level security policies. 68 00:03:54,810 --> 00:03:58,560 ‫So we were working with the cabins table, and here again, 69 00:03:58,560 --> 00:04:01,680 ‫we can see that this role level security 70 00:04:01,680 --> 00:04:05,160 ‫is actually enabled, and so that is, again, 71 00:04:05,160 --> 00:04:07,710 ‫the reason why we didn't receive the data 72 00:04:07,710 --> 00:04:09,873 ‫when we did that request. 73 00:04:10,890 --> 00:04:15,120 ‫So in order to now allow us to actually receive the data, 74 00:04:15,120 --> 00:04:17,670 ‫let's create a new policy. 75 00:04:17,670 --> 00:04:21,150 ‫And so then let's select get started quickly, 76 00:04:21,150 --> 00:04:24,990 ‫'cause we just want to create a policy from a template, 77 00:04:24,990 --> 00:04:26,940 ‫and so actually this first one 78 00:04:26,940 --> 00:04:29,700 ‫is exactly what we want for now. 79 00:04:29,700 --> 00:04:33,630 ‫So first we want to enable everyone to have read access 80 00:04:33,630 --> 00:04:37,500 ‫to this table, while later, we will probably then enable 81 00:04:37,500 --> 00:04:41,103 ‫this one here, so only for authenticated users. 82 00:04:41,970 --> 00:04:46,440 ‫But now let's do this one, use this template, and then 83 00:04:46,440 --> 00:04:50,493 ‫we really just have to click here on review and save. 84 00:04:51,689 --> 00:04:56,160 ‫Okay. And so what this one will do, as the name says, 85 00:04:56,160 --> 00:04:59,370 ‫is to enable read access for everyone. 86 00:04:59,370 --> 00:05:02,130 ‫And so if we come back to our terminal 87 00:05:02,130 --> 00:05:05,700 ‫and then try that again, then... 88 00:05:05,700 --> 00:05:08,940 ‫Beautiful! We have now our array 89 00:05:08,940 --> 00:05:12,000 ‫with this very first object that we created. 90 00:05:12,000 --> 00:05:15,450 ‫So this first cabin. Great! 91 00:05:15,450 --> 00:05:18,150 ‫And if we wanted to create a post request, 92 00:05:18,150 --> 00:05:22,140 ‫so, to create a new cabin, then that again 93 00:05:22,140 --> 00:05:25,620 ‫would not be allowed, because we didn't create a new policy 94 00:05:25,620 --> 00:05:28,410 ‫for that type of access yet, 95 00:05:28,410 --> 00:05:31,110 ‫and we actually won't do that for now, 96 00:05:31,110 --> 00:05:33,990 ‫so for now, let's just enable access 97 00:05:33,990 --> 00:05:37,710 ‫to all of these resources for all users. 98 00:05:37,710 --> 00:05:42,210 ‫And later on we will then again change this so that only 99 00:05:42,210 --> 00:05:47,043 ‫locked in users, so only authenticated users, can do this. 100 00:05:47,880 --> 00:05:49,623 ‫So, can access all resources. 101 00:05:51,930 --> 00:05:53,090 ‫Okay... 102 00:05:56,100 --> 00:05:59,763 ‫And then also for the settings. 103 00:06:00,600 --> 00:06:03,423 ‫So this code here is not really important. 104 00:06:05,820 --> 00:06:08,730 ‫What matters is that now we will be able to access 105 00:06:08,730 --> 00:06:12,480 ‫all this data right in our React application, 106 00:06:12,480 --> 00:06:15,303 ‫and so let's actually do that in the next video.