pacnpal/thrilltrack-explorer
1
0
Fork 0
mirror of https://github.com/pacnpal/thrilltrack-explorer.git synced 2025-12-20 06:11:11 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix RLS policies

Browse Source
This commit is contained in:
gpt-engineer-app[bot]
2025-11-04 15:19:32 +00:00
parent 80aa033e70
commit 80ee91c837
1 changed files with 72 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
supabase/migrations/20251104151915_ab4e6a7a-cd0c-46f4-be81-109db74c6c47.sql Normal file
View File

@@ -0,0 +1,72 @@
-- Fix RLS policies to use block_aal1_with_mfa() instead of direct auth.mfa_factors queries
-- This resolves "permission denied for table mfa_factors" errors
-- ==========================================
-- submission_items policies
-- ==========================================
DROP POLICY IF EXISTS "Moderators can delete submission items" ON public.submission_items;
CREATE POLICY "Moderators can delete submission items"
ON public.submission_items FOR DELETE
TO authenticated
USING (is_moderator(auth.uid()) AND block_aal1_with_mfa());
DROP POLICY IF EXISTS "Moderators can insert submission items" ON public.submission_items;
CREATE POLICY "Moderators can insert submission items"
ON public.submission_items FOR INSERT
TO authenticated
WITH CHECK (is_moderator(auth.uid()) AND block_aal1_with_mfa());
-- ==========================================
-- park_submissions policies
-- ==========================================
DROP POLICY IF EXISTS "Moderators can delete park submissions" ON public.park_submissions;
CREATE POLICY "Moderators can delete park submissions"
ON public.park_submissions FOR DELETE
TO authenticated
USING (is_moderator(auth.uid()) AND block_aal1_with_mfa());
DROP POLICY IF EXISTS "Moderators can update park submissions" ON public.park_submissions;
CREATE POLICY "Moderators can update park submissions"
ON public.park_submissions FOR UPDATE
TO authenticated
USING (is_moderator(auth.uid()) AND block_aal1_with_mfa());
DROP POLICY IF EXISTS "Moderators can view all park submissions" ON public.park_submissions;
CREATE POLICY "Moderators can view all park submissions"
ON public.park_submissions FOR SELECT
TO authenticated
USING (is_moderator(auth.uid()) AND block_aal1_with_mfa());
-- ==========================================
-- ride_submissions policies
-- ==========================================
DROP POLICY IF EXISTS "Moderators can delete ride submissions" ON public.ride_submissions;
CREATE POLICY "Moderators can delete ride submissions"
ON public.ride_submissions FOR DELETE
TO authenticated
USING (is_moderator(auth.uid()) AND block_aal1_with_mfa());
DROP POLICY IF EXISTS "Moderators can update ride submissions" ON public.ride_submissions;
CREATE POLICY "Moderators can update ride submissions"
ON public.ride_submissions FOR UPDATE
TO authenticated
USING (is_moderator(auth.uid()) AND block_aal1_with_mfa());
DROP POLICY IF EXISTS "Moderators can view all ride submissions" ON public.ride_submissions;
CREATE POLICY "Moderators can view all ride submissions"
ON public.ride_submissions FOR SELECT
TO authenticated
USING (is_moderator(auth.uid()) AND block_aal1_with_mfa());
-- ==========================================
-- photo_submissions policies
-- ==========================================
DROP POLICY IF EXISTS "Moderators can delete photo submissions" ON public.photo_submissions;
CREATE POLICY "Moderators can delete photo submissions"
ON public.photo_submissions FOR DELETE
TO authenticated
USING (is_moderator(auth.uid()) AND block_aal1_with_mfa());