Refactor photo modification logic

2025-12-26 17:46:58 -05:00 · 2025-10-02 17:46:45 +00:00
parent 6f579faa31
commit 2750d285cb
5 changed files with 224 additions and 29 deletions
--- a/supabase/functions/process-selective-approval/index.ts
+++ b/supabase/functions/process-selective-approval/index.ts
@@ -120,6 +120,14 @@ serve(async (req) => {
            await approvePhotos(supabase, resolvedData, item.id);
            entityId = item.id; // Use item ID as entity ID for photos
            break;
+          case 'photo_edit':
+            await editPhoto(supabase, resolvedData);
+            entityId = resolvedData.photo_id;
+            break;
+          case 'photo_delete':
+            await deletePhoto(supabase, resolvedData);
+            entityId = resolvedData.photo_id;
+            break;
          default:
            throw new Error(`Unknown item type: ${item.item_type}`);
        }
@@ -595,3 +603,25 @@ function extractImageId(url: string): string {
  const matches = url.match(/\/([^\/]+)\/public$/);
  return matches ? matches[1] : url;
 }
+
+async function editPhoto(supabase: any, data: any): Promise<void> {
+  console.log(`Editing photo ${data.photo_id}`);
+  const { error } = await supabase
+    .from('photos')
+    .update({
+      caption: data.new_caption,
+    })
+    .eq('id', data.photo_id);
+
+  if (error) throw new Error(`Failed to edit photo: ${error.message}`);
+}
+
+async function deletePhoto(supabase: any, data: any): Promise<void> {
+  console.log(`Deleting photo ${data.photo_id}`);
+  const { error } = await supabase
+    .from('photos')
+    .delete()
+    .eq('id', data.photo_id);
+
+  if (error) throw new Error(`Failed to delete photo: ${error.message}`);
+}
--- a/supabase/migrations/20251002174244_ddacac58-98d8-454f-9e1b-658b9ac6b734.sql
+++ b/supabase/migrations/20251002174244_ddacac58-98d8-454f-9e1b-658b9ac6b734.sql
@@ -0,0 +1,23 @@
+-- Restrict direct photo modifications - require moderation queue
+-- Drop existing policies that allow direct modification
+DROP POLICY IF EXISTS "Moderators can update photos" ON public.photos;
+DROP POLICY IF EXISTS "Moderators can delete photos" ON public.photos;
+
+-- Keep read policies
+-- Public read access to photos already exists
+
+-- Only service role (edge functions) can modify photos after approval
+CREATE POLICY "Service role can insert photos"
+  ON public.photos FOR INSERT
+  TO service_role
+  WITH CHECK (true);
+
+CREATE POLICY "Service role can update photos"
+  ON public.photos FOR UPDATE
+  TO service_role
+  USING (true);
+
+CREATE POLICY "Service role can delete photos"
+  ON public.photos FOR DELETE
+  TO service_role
+  USING (true);