PostgreSQL constraints, PostgREST translations, and Row Level Security implementation logic.

Database & Row Level Security (E)

EshtriAppN utilizes a deeply hardened PostgreSQL instance deployed via Supabase. All logic, filtering, and data sanitization are enforced natively at the database layer using Row Level Security (RLS). This absolutely ensures that API vulnerabilities or compromised frontend states cannot leak arbitrary data.

Supabase Schema

The core marketplace tables are physically isolated inside atomic schemas.

public: Houses active B2C entities (Listings, Users, Categories, Orders).
auth: Houses core immutable Identity constraints mapping directly to public.users.
storage: Houses multimedia boundaries enforcing strict MIME type mappings.

Row Level Security (RLS) Blueprint

Access controls are evaluated mathematically on every single SELECT, INSERT, UPDATE, and DELETE.

-- Example: Admin Check Implementation
CREATE POLICY "Admins bypass constraints" ON public.listings
  AS PERMISSIVE FOR ALL
  TO authenticated
  USING ( (auth.jwt() -> 'app_metadata' ->> 'role') = 'admin' );

RLS Dependency Matrix

Command	Authenticated (User)	Authenticated (Admin)	Anonymous (Guest)
SELECT	Filtered (Own data)	Bypass (All Data)	Public Only
INSERT	Bounded Insert	Unrestricted	Blocked
UPDATE	Owner Only	Unrestricted	Blocked
DELETE	Owner Only	Unrestricted	Blocked

[!WARNING]
If an RLS policy is completely omitted on a table, PostgreSQL defaults to locking the table down entirely (Fail-Closed default).

Database & RLS Core

Database & Row Level Security (E)

Supabase Schema

Row Level Security (RLS) Blueprint

RLS Dependency Matrix

On this page