Fix SECURITY DEFINER on filtered_profiles view

gpt-engineer-app[bot]
2025-10-12 14:05:43 +00:00
parent c5ad432667
commit 934c649514
2 changed files with 82 additions and 31 deletions


@@ -2785,26 +2785,26 @@ export type Database = {
username: string | null
}
Insert: {
avatar_image_id?: never
avatar_url?: never
banned?: never
bio?: never
coaster_count?: never
avatar_image_id?: string | null
avatar_url?: string | null
banned?: boolean | null
bio?: string | null
coaster_count?: number | null
created_at?: string | null
date_of_birth?: never
date_of_birth?: string | null
display_name?: string | null
home_park_id?: never
home_park_id?: string | null
id?: string | null
location_id?: never
park_count?: never
personal_location?: never
location_id?: string | null
park_count?: number | null
personal_location?: string | null
preferred_language?: string | null
preferred_pronouns?: never
preferred_pronouns?: string | null
privacy_level?: string | null
reputation_score?: never
review_count?: never
ride_count?: never
show_pronouns?: never
reputation_score?: number | null
review_count?: number | null
ride_count?: number | null
show_pronouns?: boolean | null
theme_preference?: string | null
timezone?: string | null
updated_at?: string | null
@@ -2812,33 +2812,48 @@ export type Database = {
username?: string | null
}
Update: {
avatar_image_id?: never
avatar_url?: never
banned?: never
bio?: never
coaster_count?: never
avatar_image_id?: string | null
avatar_url?: string | null
banned?: boolean | null
bio?: string | null
coaster_count?: number | null
created_at?: string | null
date_of_birth?: never
date_of_birth?: string | null
display_name?: string | null
home_park_id?: never
home_park_id?: string | null
id?: string | null
location_id?: never
park_count?: never
personal_location?: never
location_id?: string | null
park_count?: number | null
personal_location?: string | null
preferred_language?: string | null
preferred_pronouns?: never
preferred_pronouns?: string | null
privacy_level?: string | null
reputation_score?: never
review_count?: never
ride_count?: never
show_pronouns?: never
reputation_score?: number | null
review_count?: number | null
ride_count?: number | null
show_pronouns?: boolean | null
theme_preference?: string | null
timezone?: string | null
updated_at?: string | null
user_id?: string | null
username?: string | null
}
Relationships: []
Relationships: [
{
foreignKeyName: "profiles_home_park_id_fkey"
columns: ["home_park_id"]
isOneToOne: false
referencedRelation: "parks"
referencedColumns: ["id"]
},
{
foreignKeyName: "profiles_location_id_fkey"
columns: ["location_id"]
isOneToOne: false
referencedRelation: "locations"
referencedColumns: ["id"]
},
]
}
moderation_sla_metrics: {
Row: {


@@ -0,0 +1,36 @@
-- Drop and recreate filtered_profiles view without SECURITY DEFINER
DROP VIEW IF EXISTS public.filtered_profiles;
-- Recreate the view without SECURITY DEFINER
-- This view should use the querying user's permissions, not the creator's
CREATE VIEW public.filtered_profiles AS
SELECT
p.id,
p.user_id,
p.username,
p.display_name,
p.bio,
p.avatar_url,
p.avatar_image_id,
p.preferred_pronouns,
p.show_pronouns,
p.timezone,
p.preferred_language,
p.location_id,
p.personal_location,
p.home_park_id,
p.date_of_birth,
p.privacy_level,
p.theme_preference,
p.ride_count,
p.coaster_count,
p.park_count,
p.review_count,
p.reputation_score,
p.created_at,
p.updated_at,
p.banned
FROM public.profiles p;
-- Add comment explaining the view's purpose
COMMENT ON VIEW public.filtered_profiles IS 'Provides access to profile data respecting RLS policies of the querying user';
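Review bot: The `CREATE VIEW public.filtered_profiles AS` statement sets no view options, and a PostgreSQL view created that way still checks access to `public.profiles` as the view owner, so the comment about using "the querying user's permissions" does not hold for the code as written. On PostgreSQL 15 or later the statement should read `CREATE VIEW public.filtered_profiles WITH (security_invoker = true) AS` so that the caller's RLS policies on `profiles` are the ones applied. The select list also returns `date_of_birth`, `personal_location` and `banned` unmasked and without a WHERE clause, and the regenerated types in the other file now mark every column as writable through the view, which suggests the previous definition computed or masked these fields; RLS filters rows, not columns, so any column-level filtering the old view did should be restated here or confirmed as no longer needed. Because the view is dropped and recreated, the grants on it should be re-checked too.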