diff --git a/modules/database/supabase/utils/client.py b/modules/database/supabase/utils/client.py index f548ce8..fe55f33 100644 --- a/modules/database/supabase/utils/client.py +++ b/modules/database/supabase/utils/client.py @@ -23,8 +23,13 @@ def _create_base_client(url: str, key: str, access_token: Optional[str] = None, # If an access token is provided, use it for Authorization (enables per-user RLS) # Otherwise fall back to the API key auth_header = f"Bearer {access_token}" if access_token else f"Bearer {key}" - + + # apikey is required by the Supabase gateway (Kong) on every request and is independent of + # Authorization: for a per-user client apikey stays the anon key while Authorization carries + # the user's JWT (so RLS sees auth.uid()). Set it explicitly rather than relying on + # create_client's internal default-header behaviour, which our options.headers override. headers = { + "apikey": key, "Authorization": auth_header, } if options: diff --git a/tests/test_dev_stack.py b/tests/test_dev_stack.py index c056990..9956e28 100644 --- a/tests/test_dev_stack.py +++ b/tests/test_dev_stack.py @@ -55,15 +55,19 @@ def test_dev_api_health_endpoint_is_healthy(): assert payload['services']['redis']['database'] == 0 +# NOTE: these are >= baselines, not exact counts. The greenfield seed produces this floor; +# additive exam-marker fixtures (S4-4 cohort adds ~10 students/memberships; ad-hoc classes) push +# the live .94 counts above it. Exact == froze a snapshot that any new fixture breaks, while >= +# still catches a broken or missing seed. def test_supabase_dev_seed_core_counts(): - assert _rest_count('profiles') == 21 - assert _rest_count('institute_memberships') == 21 - assert _rest_count('institutes') == 2 + assert _rest_count('profiles') >= 21 + assert _rest_count('institute_memberships') >= 21 + assert _rest_count('institutes') >= 2 def test_supabase_dev_seed_timetable_counts(): - assert _rest_count('classes') == 17 - assert _rest_count('taught_lessons') == 1462 + assert _rest_count('classes') >= 17 + assert _rest_count('taught_lessons') >= 1462 def test_runtime_identity_does_not_expose_secret_values():