Fix: Correct RLS policies and function security

2025-12-28 00:27:05 -05:00 · 2025-10-06 16:50:00 +00:00
parent 02a9fdad84
commit fae8542c45
5 changed files with 447 additions and 4 deletions
--- a/supabase/functions/process-selective-approval/index.ts
+++ b/supabase/functions/process-selective-approval/index.ts
@@ -91,6 +91,18 @@ serve(async (req) => {
      try {
        console.log(`Processing item ${item.id} of type ${item.item_type}`);
        
+        // Set user context for versioning trigger
+        // This allows auto_create_entity_version() to capture the submitter
+        const { error: setConfigError } = await supabase.rpc('set_config_value', {
+          setting_name: 'app.current_user_id',
+          setting_value: submitterId,
+          is_local: false
+        });
+        
+        if (setConfigError) {
+          console.error('Failed to set user context:', setConfigError);
+        }
+        
        // Resolve dependencies in item data
        const resolvedData = resolveDependencies(item.item_data, dependencyMap);
        
--- a/supabase/migrations/20251006164702_9f5cf603-b3f4-4aef-935d-6afa92222514.sql
+++ b/supabase/migrations/20251006164702_9f5cf603-b3f4-4aef-935d-6afa92222514.sql
@@ -0,0 +1,15 @@
+-- Fix search_path for set_config_value function
+CREATE OR REPLACE FUNCTION public.set_config_value(
+  setting_name text,
+  setting_value text,
+  is_local boolean DEFAULT false
+)
+RETURNS void
+LANGUAGE plpgsql
+SECURITY DEFINER
+SET search_path = public
+AS $$
+BEGIN
+  PERFORM set_config(setting_name, setting_value, is_local);
+END;
+$$;