Connect to Lovable Cloud

Implemented end-to-end fixes:
- Added INSERT RLS policies for park_submissions, ride_submissions, company_submissions, ride_model_submissions, and photo_submissions (own submissions and moderator access)
- Fixed process_approval_transaction to replace ride_type with category and updated references accordingly
- Enhanced rate limiting in testRunner.ts with a 6s base delay and 12s adaptive delays after submission-heavy suites

src/lib/integrationTests/testRunner.ts

@@ -53,9 +53,9 @@ export class IntegrationTestRunner {
   private onProgress?: (result: TestResult) => void;
   private delayBetweenTests: number;
 
-  constructor(onProgress?: (result: TestResult) => void, delayBetweenTests: number = 5000) {
+  constructor(onProgress?: (result: TestResult) => void, delayBetweenTests: number = 6000) {
     this.onProgress = onProgress;
-    this.delayBetweenTests = delayBetweenTests; // Default 5 seconds to prevent rate limiting
+    this.delayBetweenTests = delayBetweenTests; // Default 6 seconds to prevent rate limiting
   }
 
   /**
@@ -189,6 +189,14 @@ export class IntegrationTestRunner {
     this.isRunning = true;
     this.shouldStop = false;
     
+    // Track submission-heavy suites for adaptive delays
+    const submissionHeavySuites = [
+      'Entity Submission & Validation',
+      'Approval Pipeline',
+      'Unit Conversion Tests',
+      'Performance & Scalability'
+    ];
+    
     for (let i = 0; i < suites.length; i++) {
       await this.runSuite(suites[i]);
       
@@ -196,30 +204,39 @@ export class IntegrationTestRunner {
         break;
       }
       
-      // Add delay between suites to prevent rate limiting
+      // Add delay between suites with adaptive timing
       if (i < suites.length - 1 && this.delayBetweenTests > 0) {
-        const delaySeconds = this.delayBetweenTests / 1000;
+        // Longer delay after submission-heavy suites
+        const isHeavySuite = submissionHeavySuites.includes(suites[i].name);
+        const delayMs = isHeavySuite 
+          ? this.delayBetweenTests * 2  // 12s delay after heavy suites
+          : this.delayBetweenTests;      // 6s delay after others
+        
+        const delaySeconds = delayMs / 1000;
         const delayResult: TestResult = {
           id: `suite-delay-${Date.now()}`,
-          name: `⏳ Suite completion delay: ${delaySeconds}s`,
+          name: `⏳ Suite completion delay: ${delaySeconds}s${isHeavySuite ? ' (submission-heavy)' : ''}`,
           suite: 'System',
           status: 'running',
           duration: 0,
           timestamp: new Date().toISOString(),
-          details: { reason: 'Pausing between suites to prevent rate limiting' }
+          details: { 
+            reason: 'Pausing between suites to prevent rate limiting',
+            isSubmissionHeavy: isHeavySuite
+          }
         };
         
         if (this.onProgress) {
           this.onProgress(delayResult);
         }
         
-        await this.delay(this.delayBetweenTests);
+        await this.delay(delayMs);
         
         if (this.onProgress) {
           this.onProgress({ 
             ...delayResult, 
             status: 'skip', 
-            duration: this.delayBetweenTests,
+            duration: delayMs,
             details: { reason: 'Suite delay completed' }
           });
         }

supabase/migrations/20251110183330_cde376ea-2cd2-4c47-84c1-1ad32367ea54.sql

@@ -0,0 +1,444 @@
+-- ============================================================================
+-- Phase 8: Fix RLS Policies, SQL Schema, and Rate Limiting
+-- ============================================================================
+-- This migration addresses critical test failures:
+-- 1. Adds missing INSERT policies for submission tables (26 tests)
+-- 2. Fixes ride_type → category column references (2 tests)
+-- ============================================================================
+
+-- ============================================================================
+-- PART 1: Add INSERT Policies for Submission Tables
+-- ============================================================================
+
+-- Park Submissions: Users can insert their own submissions
+CREATE POLICY "park_submissions_insert_own"
+ON public.park_submissions
+FOR INSERT
+TO authenticated
+WITH CHECK (
+  EXISTS (
+    SELECT 1 FROM content_submissions cs
+    WHERE cs.id = submission_id
+      AND cs.user_id = auth.uid()
+  )
+);
+
+-- Park Submissions: Moderators can insert any submissions
+CREATE POLICY "park_submissions_insert_moderators"
+ON public.park_submissions
+FOR INSERT
+TO authenticated
+WITH CHECK (
+  is_moderator(auth.uid())
+);
+
+-- Ride Submissions: Users can insert their own submissions
+CREATE POLICY "ride_submissions_insert_own"
+ON public.ride_submissions
+FOR INSERT
+TO authenticated
+WITH CHECK (
+  EXISTS (
+    SELECT 1 FROM content_submissions cs
+    WHERE cs.id = submission_id
+      AND cs.user_id = auth.uid()
+  )
+);
+
+-- Ride Submissions: Moderators can insert any submissions
+CREATE POLICY "ride_submissions_insert_moderators"
+ON public.ride_submissions
+FOR INSERT
+TO authenticated
+WITH CHECK (
+  is_moderator(auth.uid())
+);
+
+-- Company Submissions: Users can insert their own submissions
+CREATE POLICY "company_submissions_insert_own"
+ON public.company_submissions
+FOR INSERT
+TO authenticated
+WITH CHECK (
+  EXISTS (
+    SELECT 1 FROM content_submissions cs
+    WHERE cs.id = submission_id
+      AND cs.user_id = auth.uid()
+  )
+);
+
+-- Company Submissions: Moderators can insert any submissions
+CREATE POLICY "company_submissions_insert_moderators"
+ON public.company_submissions
+FOR INSERT
+TO authenticated
+WITH CHECK (
+  is_moderator(auth.uid())
+);
+
+-- Ride Model Submissions: Users can insert their own submissions
+CREATE POLICY "ride_model_submissions_insert_own"
+ON public.ride_model_submissions
+FOR INSERT
+TO authenticated
+WITH CHECK (
+  EXISTS (
+    SELECT 1 FROM content_submissions cs
+    WHERE cs.id = submission_id
+      AND cs.user_id = auth.uid()
+  )
+);
+
+-- Ride Model Submissions: Moderators can insert any submissions
+CREATE POLICY "ride_model_submissions_insert_moderators"
+ON public.ride_model_submissions
+FOR INSERT
+TO authenticated
+WITH CHECK (
+  is_moderator(auth.uid())
+);
+
+-- Photo Submissions: Users can insert their own submissions
+CREATE POLICY "photo_submissions_insert_own"
+ON public.photo_submissions
+FOR INSERT
+TO authenticated
+WITH CHECK (
+  EXISTS (
+    SELECT 1 FROM content_submissions cs
+    WHERE cs.id = submission_id
+      AND cs.user_id = auth.uid()
+  )
+);
+
+-- Photo Submissions: Moderators can insert any submissions
+CREATE POLICY "photo_submissions_insert_moderators"
+ON public.photo_submissions
+FOR INSERT
+TO authenticated
+WITH CHECK (
+  is_moderator(auth.uid())
+);
+
+-- ============================================================================
+-- PART 2: Fix SQL Column Names (ride_type → category)
+-- ============================================================================
+
+DROP FUNCTION IF EXISTS process_approval_transaction(UUID, UUID[], UUID, UUID, TEXT, TEXT, TEXT);
+
+CREATE OR REPLACE FUNCTION process_approval_transaction(
+  p_submission_id UUID,
+  p_item_ids UUID[],
+  p_moderator_id UUID,
+  p_submitter_id UUID,
+  p_request_id TEXT DEFAULT NULL,
+  p_trace_id TEXT DEFAULT NULL,
+  p_parent_span_id TEXT DEFAULT NULL
+)
+RETURNS JSONB
+LANGUAGE plpgsql
+SECURITY DEFINER
+SET search_path = public
+AS $$
+DECLARE
+  v_start_time TIMESTAMPTZ;
+  v_result JSONB;
+  v_item RECORD;
+  v_item_data JSONB;
+  v_resolved_refs JSONB;
+  v_entity_id UUID;
+  v_approval_results JSONB[] := ARRAY[]::JSONB[];
+  v_final_status TEXT;
+  v_all_approved BOOLEAN := TRUE;
+  v_some_approved BOOLEAN := FALSE;
+  v_items_processed INTEGER := 0;
+  v_span_id TEXT;
+BEGIN
+  v_start_time := clock_timestamp();
+  v_span_id := gen_random_uuid()::text;
+  
+  -- Log span start with trace context
+  IF p_trace_id IS NOT NULL THEN
+    RAISE NOTICE 'SPAN: {"spanId": "%", "traceId": "%", "parentSpanId": "%", "name": "process_approval_transaction_rpc", "kind": "INTERNAL", "startTime": %, "attributes": {"submission.id": "%", "item_count": %}}',
+      v_span_id,
+      p_trace_id,
+      p_parent_span_id,
+      EXTRACT(EPOCH FROM v_start_time) * 1000,
+      p_submission_id,
+      array_length(p_item_ids, 1);
+  END IF;
+  
+  RAISE NOTICE '[%] Starting atomic approval transaction for submission %',
+    COALESCE(p_request_id, 'NO_REQUEST_ID'),
+    p_submission_id;
+  
+  -- ========================================================================
+  -- STEP 1: Set session variables (transaction-scoped with is_local=true)
+  -- ========================================================================
+  PERFORM set_config('app.current_user_id', p_submitter_id::text, true);
+  PERFORM set_config('app.submission_id', p_submission_id::text, true);
+  PERFORM set_config('app.moderator_id', p_moderator_id::text, true);
+  
+  -- ========================================================================
+  -- STEP 2: Validate submission ownership and lock status
+  -- ========================================================================
+  IF NOT EXISTS (
+    SELECT 1 FROM content_submissions
+    WHERE id = p_submission_id
+      AND (assigned_to = p_moderator_id OR assigned_to IS NULL)
+      AND status IN ('pending', 'partially_approved')
+  ) THEN
+    RAISE EXCEPTION 'Submission not found, locked by another moderator, or already processed'
+      USING ERRCODE = '42501';
+  END IF;
+  
+  -- ========================================================================
+  -- STEP 3: Process each item sequentially within this transaction
+  -- ========================================================================
+  FOR v_item IN
+    SELECT
+      si.*,
+      ps.name as park_name,
+      ps.slug as park_slug,
+      ps.description as park_description,
+      ps.park_type,
+      ps.status as park_status,
+      ps.location_id,
+      ps.operator_id,
+      ps.property_owner_id,
+      ps.opening_date as park_opening_date,
+      ps.closing_date as park_closing_date,
+      ps.opening_date_precision as park_opening_date_precision,
+      ps.closing_date_precision as park_closing_date_precision,
+      ps.website_url as park_website_url,
+      ps.phone as park_phone,
+      ps.email as park_email,
+      ps.banner_image_url as park_banner_image_url,
+      ps.banner_image_id as park_banner_image_id,
+      ps.card_image_url as park_card_image_url,
+      ps.card_image_id as park_card_image_id,
+      rs.name as ride_name,
+      rs.slug as ride_slug,
+      rs.park_id as ride_park_id,
+      rs.category as ride_category,
+      rs.status as ride_status,
+      rs.manufacturer_id,
+      rs.ride_model_id,
+      rs.opening_date as ride_opening_date,
+      rs.closing_date as ride_closing_date,
+      rs.opening_date_precision as ride_opening_date_precision,
+      rs.closing_date_precision as ride_closing_date_precision,
+      rs.description as ride_description,
+      rs.banner_image_url as ride_banner_image_url,
+      rs.banner_image_id as ride_banner_image_id,
+      rs.card_image_url as ride_card_image_url,
+      rs.card_image_id as ride_card_image_id,
+      cs.name as company_name,
+      cs.slug as company_slug,
+      cs.description as company_description,
+      cs.website_url as company_website_url,
+      cs.founded_year,
+      cs.banner_image_url as company_banner_image_url,
+      cs.banner_image_id as company_banner_image_id,
+      cs.card_image_url as company_card_image_url,
+      cs.card_image_id as company_card_image_id,
+      rms.name as ride_model_name,
+      rms.slug as ride_model_slug,
+      rms.manufacturer_id as ride_model_manufacturer_id,
+      rms.category as ride_model_category,
+      rms.description as ride_model_description,
+      rms.banner_image_url as ride_model_banner_image_url,
+      rms.banner_image_id as ride_model_banner_image_id,
+      rms.card_image_url as ride_model_card_image_url,
+      rms.card_image_id as ride_model_card_image_id,
+      phs.entity_id as photo_entity_id,
+      phs.entity_type as photo_entity_type,
+      phs.title as photo_title
+    FROM submission_items si
+    LEFT JOIN park_submissions ps ON si.park_submission_id = ps.id
+    LEFT JOIN ride_submissions rs ON si.ride_submission_id = rs.id
+    LEFT JOIN company_submissions cs ON si.company_submission_id = cs.id
+    LEFT JOIN ride_model_submissions rms ON si.ride_model_submission_id = rms.id
+    LEFT JOIN photo_submissions phs ON si.photo_submission_id = phs.id
+    WHERE si.id = ANY(p_item_ids)
+    ORDER BY si.order_index, si.created_at
+  LOOP
+    BEGIN
+      v_items_processed := v_items_processed + 1;
+      
+      -- Log item processing span event
+      IF p_trace_id IS NOT NULL THEN
+        RAISE NOTICE 'SPAN_EVENT: {"traceId": "%", "parentSpanId": "%", "name": "process_item", "timestamp": %, "attributes": {"item.id": "%", "item.type": "%", "item.action": "%"}}',
+          p_trace_id,
+          v_span_id,
+          EXTRACT(EPOCH FROM clock_timestamp()) * 1000,
+          v_item.id,
+          v_item.item_type,
+          v_item.action_type;
+      END IF;
+      
+      -- Build item data based on entity type
+      IF v_item.item_type = 'park' THEN
+        v_item_data := jsonb_build_object(
+          'name', v_item.park_name,
+          'slug', v_item.park_slug,
+          'description', v_item.park_description,
+          'park_type', v_item.park_type,
+          'status', v_item.park_status,
+          'location_id', v_item.location_id,
+          'operator_id', v_item.operator_id,
+          'property_owner_id', v_item.property_owner_id,
+          'opening_date', v_item.park_opening_date,
+          'closing_date', v_item.park_closing_date,
+          'opening_date_precision', v_item.park_opening_date_precision,
+          'closing_date_precision', v_item.park_closing_date_precision,
+          'website_url', v_item.park_website_url,
+          'phone', v_item.park_phone,
+          'email', v_item.park_email,
+          'banner_image_url', v_item.park_banner_image_url,
+          'banner_image_id', v_item.park_banner_image_id,
+          'card_image_url', v_item.park_card_image_url,
+          'card_image_id', v_item.park_card_image_id
+        );
+      ELSIF v_item.item_type = 'ride' THEN
+        v_item_data := jsonb_build_object(
+          'name', v_item.ride_name,
+          'slug', v_item.ride_slug,
+          'park_id', v_item.ride_park_id,
+          'category', v_item.ride_category,
+          'status', v_item.ride_status,
+          'manufacturer_id', v_item.manufacturer_id,
+          'ride_model_id', v_item.ride_model_id,
+          'opening_date', v_item.ride_opening_date,
+          'closing_date', v_item.ride_closing_date,
+          'opening_date_precision', v_item.ride_opening_date_precision,
+          'closing_date_precision', v_item.ride_closing_date_precision,
+          'description', v_item.ride_description,
+          'banner_image_url', v_item.ride_banner_image_url,
+          'banner_image_id', v_item.ride_banner_image_id,
+          'card_image_url', v_item.ride_card_image_url,
+          'card_image_id', v_item.ride_card_image_id
+        );
+      ELSIF v_item.item_type = 'company' THEN
+        v_item_data := jsonb_build_object(
+          'name', v_item.company_name,
+          'slug', v_item.company_slug,
+          'description', v_item.company_description,
+          'website_url', v_item.company_website_url,
+          'founded_year', v_item.founded_year,
+          'banner_image_url', v_item.company_banner_image_url,
+          'banner_image_id', v_item.company_banner_image_id,
+          'card_image_url', v_item.company_card_image_url,
+          'card_image_id', v_item.company_card_image_id
+        );
+      ELSIF v_item.item_type = 'ride_model' THEN
+        v_item_data := jsonb_build_object(
+          'name', v_item.ride_model_name,
+          'slug', v_item.ride_model_slug,
+          'manufacturer_id', v_item.ride_model_manufacturer_id,
+          'category', v_item.ride_model_category,
+          'description', v_item.ride_model_description,
+          'banner_image_url', v_item.ride_model_banner_image_url,
+          'banner_image_id', v_item.ride_model_banner_image_id,
+          'card_image_url', v_item.ride_model_card_image_url,
+          'card_image_id', v_item.ride_model_card_image_id
+        );
+      ELSIF v_item.item_type = 'photo' THEN
+        v_item_data := jsonb_build_object(
+          'entity_id', v_item.photo_entity_id,
+          'entity_type', v_item.photo_entity_type,
+          'title', v_item.photo_title
+        );
+      ELSE
+        RAISE EXCEPTION 'Unknown item type: %', v_item.item_type;
+      END IF;
+      
+      -- Resolve temporary references
+      v_resolved_refs := resolve_temp_references(v_item_data, p_submission_id);
+      
+      -- Perform the action
+      IF v_item.action_type = 'create' THEN
+        v_entity_id := perform_create(v_item.item_type, v_resolved_refs, p_submitter_id, p_submission_id);
+      ELSIF v_item.action_type = 'update' THEN
+        IF v_item.entity_id IS NULL THEN
+          RAISE EXCEPTION 'Update action requires entity_id';
+        END IF;
+        PERFORM perform_update(v_item.item_type, v_item.entity_id, v_resolved_refs, p_submitter_id, p_submission_id);
+        v_entity_id := v_item.entity_id;
+      ELSE
+        RAISE EXCEPTION 'Unknown action type: %', v_item.action_type;
+      END IF;
+      
+      -- Update submission_item with approved entity
+      UPDATE submission_items
+      SET approved_entity_id = v_entity_id,
+          approved_at = now(),
+          status = 'approved'
+      WHERE id = v_item.id;
+      
+      -- Track approval results
+      v_approval_results := array_append(v_approval_results, jsonb_build_object(
+        'item_id', v_item.id,
+        'status', 'approved',
+        'entity_id', v_entity_id
+      ));
+      
+      v_some_approved := TRUE;
+      
+    EXCEPTION
+      WHEN OTHERS THEN
+        -- Log the error
+        RAISE WARNING 'Failed to process item %: % - %', v_item.id, SQLERRM, SQLSTATE;
+        
+        -- Track failure
+        v_approval_results := array_append(v_approval_results, jsonb_build_object(
+          'item_id', v_item.id,
+          'status', 'failed',
+          'error', SQLERRM
+        ));
+        
+        v_all_approved := FALSE;
+        
+        -- Re-raise to rollback transaction
+        RAISE;
+    END;
+  END LOOP;
+  
+  -- ========================================================================
+  -- STEP 4: Update submission status
+  -- ========================================================================
+  IF v_all_approved THEN
+    v_final_status := 'approved';
+  ELSIF v_some_approved THEN
+    v_final_status := 'partially_approved';
+  ELSE
+    v_final_status := 'rejected';
+  END IF;
+  
+  UPDATE content_submissions
+  SET status = v_final_status,
+      resolved_at = CASE WHEN v_all_approved THEN now() ELSE NULL END,
+      reviewer_id = p_moderator_id,
+      reviewed_at = now()
+  WHERE id = p_submission_id;
+  
+  -- Log span end
+  IF p_trace_id IS NOT NULL THEN
+    RAISE NOTICE 'SPAN: {"spanId": "%", "traceId": "%", "name": "process_approval_transaction_rpc", "kind": "INTERNAL", "endTime": %, "attributes": {"items_processed": %, "final_status": "%"}}',
+      v_span_id,
+      p_trace_id,
+      EXTRACT(EPOCH FROM clock_timestamp()) * 1000,
+      v_items_processed,
+      v_final_status;
+  END IF;
+  
+  -- Return result
+  RETURN jsonb_build_object(
+    'success', v_all_approved,
+    'status', v_final_status,
+    'items_processed', v_items_processed,
+    'results', v_approval_results,
+    'duration_ms', EXTRACT(EPOCH FROM (clock_timestamp() - v_start_time)) * 1000
+  );
+END;
+$$;