From 07f14cdcb55653019177cdfc136804105fc3a8e2 Mon Sep 17 00:00:00 2001
From: "gpt-engineer-app[bot]"
 <159125892+gpt-engineer-app[bot]@users.noreply.github.com>
Date: Thu, 9 Oct 2025 00:34:37 +0000
Subject: [PATCH] Fix: Address security findings

---
 ...3421_0fb9fa16-d2c0-49ea-8fb9-0a948abc05db.sql | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 supabase/migrations/20251009003421_0fb9fa16-d2c0-49ea-8fb9-0a948abc05db.sql

diff --git a/supabase/migrations/20251009003421_0fb9fa16-d2c0-49ea-8fb9-0a948abc05db.sql b/supabase/migrations/20251009003421_0fb9fa16-d2c0-49ea-8fb9-0a948abc05db.sql
new file mode 100644
index 00000000..ef795c18
--- /dev/null
+++ b/supabase/migrations/20251009003421_0fb9fa16-d2c0-49ea-8fb9-0a948abc05db.sql
@@ -0,0 +1,16 @@
+
+-- Enable RLS on the filtered_profiles view
+ALTER VIEW public.filtered_profiles SET (security_invoker = on);
+
+-- Grant explicit access to the filtered_profiles view
+GRANT SELECT ON public.filtered_profiles TO authenticated, anon;
+
+-- Add comment explaining the security model
+COMMENT ON VIEW public.filtered_profiles IS 
+'Privacy-safe profile view that uses can_view_profile_field() to enforce field-level access control. 
+Sensitive fields (date_of_birth, personal_location, etc.) are conditionally shown based on:
+1. User privacy settings in user_preferences table
+2. Profile privacy_level (public vs private)
+3. Viewer permissions (owner, moderator)
+The view filters out banned users unless viewer is owner or moderator.
+RLS is enforced at the row level in the WHERE clause.';