Fix RLS policies
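--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,72 @@
+-- Fix RLS policies to use block_aal1_with_mfa() instead of direct auth.mfa_factors queries
+-- This resolves "permission denied for table mfa_factors" errors
+
+-- ==========================================
+-- submission_items policies
+-- ==========================================
+
+DROP POLICY IF EXISTS "Moderators can delete submission items" ON public.submission_items;
+CREATE POLICY "Moderators can delete submission items"
+ON public.submission_items FOR DELETE
+TO authenticated
+USING (is_moderator(auth.uid()) AND block_aal1_with_mfa());
+
+DROP POLICY IF EXISTS "Moderators can insert submission items" ON public.submission_items;
+CREATE POLICY "Moderators can insert submission items"
+ON public.submission_items FOR INSERT
+TO authenticated
+WITH CHECK (is_moderator(auth.uid()) AND block_aal1_with_mfa());
+
+-- ==========================================
+-- park_submissions policies
+-- ==========================================
+
+DROP POLICY IF EXISTS "Moderators can delete park submissions" ON public.park_submissions;
+CREATE POLICY "Moderators can delete park submissions"
+ON public.park_submissions FOR DELETE
+TO authenticated
+USING (is_moderator(auth.uid()) AND block_aal1_with_mfa());
+
+DROP POLICY IF EXISTS "Moderators can update park submissions" ON public.park_submissions;
+CREATE POLICY "Moderators can update park submissions"
+ON public.park_submissions FOR UPDATE
+TO authenticated
+USING (is_moderator(auth.uid()) AND block_aal1_with_mfa());
+
+DROP POLICY IF EXISTS "Moderators can view all park submissions" ON public.park_submissions;
+CREATE POLICY "Moderators can view all park submissions"
+ON public.park_submissions FOR SELECT
+TO authenticated
+USING (is_moderator(auth.uid()) AND block_aal1_with_mfa());
+
+-- ==========================================
+-- ride_submissions policies
+-- ==========================================
+
+DROP POLICY IF EXISTS "Moderators can delete ride submissions" ON public.ride_submissions;
+CREATE POLICY "Moderators can delete ride submissions"
+ON public.ride_submissions FOR DELETE
+TO authenticated
+USING (is_moderator(auth.uid()) AND block_aal1_with_mfa());
+
+DROP POLICY IF EXISTS "Moderators can update ride submissions" ON public.ride_submissions;
+CREATE POLICY "Moderators can update ride submissions"
+ON public.ride_submissions FOR UPDATE
+TO authenticated
+USING (is_moderator(auth.uid()) AND block_aal1_with_mfa());
+
+DROP POLICY IF EXISTS "Moderators can view all ride submissions" ON public.ride_submissions;
+CREATE POLICY "Moderators can view all ride submissions"
+ON public.ride_submissions FOR SELECT
+TO authenticated
+USING (is_moderator(auth.uid()) AND block_aal1_with_mfa());
+
+-- ==========================================
+-- photo_submissions policies
+-- ==========================================
+
+DROP POLICY IF EXISTS "Moderators can delete photo submissions" ON public.photo_submissions;
+CREATE POLICY "Moderators can delete photo submissions"
+ON public.photo_submissions FOR DELETE
+TO authenticated
+USING (is_moderator(auth.uid()) AND block_aal1_with_mfa());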
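Review bot: All nine policies are created as permissive (the default, since no `AS RESTRICTIVE` appears), so `block_aal1_with_mfa()` gates only the moderator grant. Any other permissive policy for the same command on `submission_items`, `park_submissions`, `ride_submissions` or `photo_submissions` would still admit an AAL1 session, and nothing in this file rules that out. If the step-up requirement is meant to hold on every path to these tables, add a separate restrictive policy per table, for example (policy name constructed) `CREATE POLICY "Require MFA step-up" ON public.park_submissions AS RESTRICTIVE TO authenticated USING (block_aal1_with_mfa());`. The helper is not defined in this migration; since it replaces direct reads of `auth.mfa_factors` it is presumably SECURITY DEFINER, so confirm that it pins `search_path` and derives the user from the session, not from a caller-supplied argument. Schema-qualifying both helper calls would also stop the policies from depending on the `search_path` in effect when the migration runs.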