I'm trying to wrap my head around avatar management for Supabase users. I have followed the user management starter and think I understand how it all kind of works. I am still confused and baffled about a few things which I hope you guys can clear up for me. I am working in Flutter btw.
- If you make the function delete_storage_object (and the other functions) in the public table, isn't this accessible for every role by default? I manually revoked access for all the functions from the tutorial so that only the postgres role can execute them when triggered.
- When the user uploads a picture but for example the updateProfile call goes wrong, wouldn't that mean I have an orphan file that just got uploaded? How would I prevent this?
Thanks in advance!
Edit: On the second point, what I'm also worried about is abuse by malicious users. If they read the endpoints and send a bunch of random images, they make a lot of "orphans" which we have to pay for.