Your system is enforcing RLS without fallback or admin override from the frontend tool — which means even if we provide correct data manually, it won’t insert unless we route through a valid Supabase user session or bypass RLS in dev mode. #53
Description
Your system is enforcing RLS without fallback or admin override from the frontend tool — which means even if we provide correct data manually, it won’t insert unless we route through a valid Supabase user session or bypass RLS in dev mode📬 TO LOVABLE QA / SUPPORT:
Hey team — here’s the exact outcome of a test you partially passed but still failed in crucial ways.
✅ Abraham Garcia inserted successfully. Profile data and schema alignment were valid.
❌ Rafa Garcia and Michael Pina failed with:
swift
Copy
Edit
{"code":"42501","message":"new row violates row-level security policy for table "cv_profiles""}
This confirms that your Supabase RLS rules are blocking valid POST requests to the cv_profiles table. Even with complete and valid JSON, the system enforces a security block — likely due to:
Missing authenticated Supabase session
Or user_id mismatch vs expected auth.uid() in RLS
❌ Victor Hugo failed repeatedly until we manually corrected:
Schema misalignment (profile_type was invalid)
JSON quote formatting
Misplaced insert field name (mock_flag vs is_mock)
👉 Your system is enforcing RLS without fallback or admin override from the frontend tool — which means even if we provide correct data manually, it won’t insert unless we route through a valid Supabase user session or bypass RLS in dev mode.
📣 What we need fixed now:
Either add dev-mode override for RLS or whitelist backend insert flows.
Ensure create-cv or resume entry screen triggers a Supabase session-linked row on first entry — not a UI shell.
Add JSON validation (escape quotes, enforce required schema).
Add a debug log toggle to show what blocked the insert in the admin view.