From ff7c90e62d1850ce04fc8445254e0653838b1e94 Mon Sep 17 00:00:00 2001
From: "gpt-engineer-app[bot]" <159125892+gpt-engineer-app[bot]@users.noreply.github.com>
Date: Thu, 9 Oct 2025 17:07:42 +0000
Subject: [PATCH] Fix edge function role check
---
 .../process-selective-approval/index.ts | 20 +++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/supabase/functions/process-selective-approval/index.ts b/supabase/functions/process-selective-approval/index.ts
index e1a113ae..8c6b3e42 100644
--- a/supabase/functions/process-selective-approval/index.ts
+++ b/supabase/functions/process-selective-approval/index.ts
@@ -88,21 +88,25 @@ serve(async (req) => {
 );
 // Check if user has moderator permissions using service role to bypass RLS
- const { data: profile, error: profileError } = await supabase
- .from('profiles')
+ const { data: roles, error: rolesError } = await supabase
+ .from('user_roles')
 .select('role')
- .eq('user_id', authenticatedUserId)
- .single();
+ .eq('user_id', authenticatedUserId);
- if (profileError || !profile) {
- console.error('Failed to fetch profile:', profileError);
+ if (rolesError) {
+ console.error('Failed to fetch user roles:', rolesError);
 return new Response(
- JSON.stringify({ error: 'User profile not found.' }),
+ JSON.stringify({ error: 'Failed to verify user permissions.' }),
 { status: 403, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
 );
 }
- if (profile.role !== 'moderator' && profile.role !== 'admin') {
+ const userRoles = roles?.map(r => r.role) || [];
+ const isModerator = userRoles.includes('moderator') ||
+ userRoles.includes('admin') ||
+ userRoles.includes('superuser');
+
+ if (!isModerator) {
 return new Response(
 JSON.stringify({ error: 'Insufficient permissions. Moderator role required.' }),
 { status: 403, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
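Review bot: The `if (!isModerator)` branch returns 403 without logging anything, so rejected calls to this service-role approval path leave no trace, while the `rolesError` branch does log; a line such as `console.warn('Permission denied for user:', authenticatedUserId);` before the return would make repeated attempts visible. The `rolesError` branch answers 403 for what is a failed lookup rather than a denial; a 500 there would still fail closed and keep backend failures distinguishable from real denials in monitoring. The allowed role names (`'moderator'`, `'admin'`, `'superuser'`) are inline literals, and if the same list exists in other functions or in database policies (not visible here) a shared constant would keep the checks from drifting apart. The `serve` handler starts and ends outside this hunk, so how `authenticatedUserId` is derived and verified cannot be checked from these lines.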