pacnpal/thrilltrack-explorer
1
0
Fork 0
mirror of https://github.com/pacnpal/thrilltrack-explorer.git synced 2025-12-29 05:47:06 -05:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: pacnpal:bc82e552e0d355b2bb4912efeac411a2c8e11375
Branches Tags
pacnpal:main pacnpal:dev pacnpal:edit/edt-5d4e06f4-a087-42e0-80bb-a43139fa066b pacnpal:edit/edt-3a0af0c5-3daa-4be8-b4ab-a9fa03de0373 pacnpal:edit/edt-f369b8ce-d150-4532-a6a0-2ba80ace6b58 pacnpal:edit/edt-6e45b77e-1d54-4173-af1a-dcbcd886645d pacnpal:edit/edt-6eb47d5c-853d-43ab-96a7-16a5cc006c30 pacnpal:edit/edt-9a567ba5-b52f-46b3-bdef-b847b9ba7963 pacnpal:edit/edt-61e75a20-f83d-40b2-8bc4-b6ff40b23450 pacnpal:edit/edt-22d9eca7-0c70-44d8-865d-791ef884dfbd pacnpal:edit/edt-ffd226b0-af99-491b-b6b8-3fe0063e0082 pacnpal:edit/edt-a95a840d-e7e7-4f9e-aa25-03bb68194aee pacnpal:django-backend pacnpal:claude/audit-django-migration-011CUw4bfUEAsSoD5BpMRCtK pacnpal:claude/pipeline-error-handling-011CUujxQjLLS8RcB1jtZoT5
...
compare: pacnpal:4830333e6fdc8d37dcb4bcd4f7c7f9bab72f9fb1
Branches Tags
pacnpal:main pacnpal:dev pacnpal:edit/edt-5d4e06f4-a087-42e0-80bb-a43139fa066b pacnpal:edit/edt-3a0af0c5-3daa-4be8-b4ab-a9fa03de0373 pacnpal:edit/edt-f369b8ce-d150-4532-a6a0-2ba80ace6b58 pacnpal:edit/edt-6e45b77e-1d54-4173-af1a-dcbcd886645d pacnpal:edit/edt-6eb47d5c-853d-43ab-96a7-16a5cc006c30 pacnpal:edit/edt-9a567ba5-b52f-46b3-bdef-b847b9ba7963 pacnpal:edit/edt-61e75a20-f83d-40b2-8bc4-b6ff40b23450 pacnpal:edit/edt-22d9eca7-0c70-44d8-865d-791ef884dfbd pacnpal:edit/edt-ffd226b0-af99-491b-b6b8-3fe0063e0082 pacnpal:edit/edt-a95a840d-e7e7-4f9e-aa25-03bb68194aee pacnpal:django-backend pacnpal:claude/audit-django-migration-011CUw4bfUEAsSoD5BpMRCtK pacnpal:claude/pipeline-error-handling-011CUujxQjLLS8RcB1jtZoT5

2 Commits
bc82e552e0 ... 4830333e6f

Author SHA1 Message Date
gpt-engineer-app[bot]
4830333e6f Refactor: Update RLS policies 2025-10-29 01:48:54 +00:00
gpt-engineer-app[bot]
171278a30c Approve RLS optimization plan 2025-10-29 01:40:28 +00:00
2 changed files with 684 additions and 0 deletions
Expand all files Collapse all files

316
supabase/migrations/20251029014018_639026e5-191a-4b2c-9cfc-0dfccdd0bdd4.sql Normal file
View File

@@ -0,0 +1,316 @@
-- Phase 2: Optimize remaining RLS policies missed in first pass
-- Fixes 49 additional policies across versioning, historical, preference, and granular permission tables
-- Pattern: auth.uid() → (SELECT auth.uid())
-- Pattern: is_moderator(auth.uid()) → is_moderator((SELECT auth.uid()))
-- ============================================================================
-- CORE RELATIONAL TABLES
-- ============================================================================
DROP POLICY IF EXISTS "Moderators can manage ride technical specifications" ON public.ride_technical_specifications;
DROP POLICY IF EXISTS "Moderators can manage ride coaster statistics" ON public.ride_coaster_statistics;
DROP POLICY IF EXISTS "Moderators can manage ride name history" ON public.ride_name_history;
DROP POLICY IF EXISTS "Moderators can manage ride model technical specifications" ON public.ride_model_technical_specifications;
CREATE POLICY "Moderators can manage ride technical specifications"
ON public.ride_technical_specifications FOR ALL
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators can manage ride coaster statistics"
ON public.ride_coaster_statistics FOR ALL
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators can manage ride name history"
ON public.ride_name_history FOR ALL
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators can manage ride model technical specifications"
ON public.ride_model_technical_specifications FOR ALL
TO authenticated
USING (is_moderator((SELECT auth.uid())));
-- ============================================================================
-- USER/SYSTEM TABLES
-- ============================================================================
DROP POLICY IF EXISTS "Moderators can read all preferences" ON public.user_preferences;
DROP POLICY IF EXISTS "Moderators can read analytics" ON public.entity_page_views;
DROP POLICY IF EXISTS "Service role only access" ON public.request_metadata;
DROP POLICY IF EXISTS "Moderators can view metadata with MFA" ON public.request_metadata;
DROP POLICY IF EXISTS "Superusers can manage settings with MFA" ON public.admin_settings;
CREATE POLICY "Moderators can read all preferences"
ON public.user_preferences FOR SELECT
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators can read analytics"
ON public.entity_page_views FOR SELECT
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Service role only access"
ON public.request_metadata FOR ALL
TO service_role
USING (auth.role() = 'service_role');
CREATE POLICY "Moderators can view metadata with MFA"
ON public.request_metadata FOR SELECT
TO authenticated
USING (is_moderator((SELECT auth.uid())) AND has_aal2());
CREATE POLICY "Superusers can manage settings with MFA"
ON public.admin_settings FOR ALL
TO authenticated
USING (is_superuser((SELECT auth.uid())) AND has_aal2());
-- ============================================================================
-- HISTORICAL/VERSIONING TABLES
-- ============================================================================
DROP POLICY IF EXISTS "Moderators manage historical parks" ON public.historical_parks;
DROP POLICY IF EXISTS "Moderators manage historical rides" ON public.historical_rides;
DROP POLICY IF EXISTS "Moderators manage location history" ON public.park_location_history;
DROP POLICY IF EXISTS "Moderators view location history" ON public.park_location_history;
DROP POLICY IF EXISTS "Moderators can view all archived versions" ON public.entity_versions_archive;
DROP POLICY IF EXISTS "Moderators can view all company versions" ON public.company_versions;
DROP POLICY IF EXISTS "Moderators can view all park versions" ON public.park_versions;
DROP POLICY IF EXISTS "Moderators can view all ride versions" ON public.ride_versions;
DROP POLICY IF EXISTS "Moderators can view all ride model versions" ON public.ride_model_versions;
CREATE POLICY "Moderators manage historical parks"
ON public.historical_parks FOR ALL
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators manage historical rides"
ON public.historical_rides FOR ALL
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators manage location history"
ON public.park_location_history FOR ALL
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators view location history"
ON public.park_location_history FOR SELECT
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators can view all archived versions"
ON public.entity_versions_archive FOR SELECT
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators can view all company versions"
ON public.company_versions FOR SELECT
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators can view all park versions"
ON public.park_versions FOR SELECT
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators can view all ride versions"
ON public.ride_versions FOR SELECT
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators can view all ride model versions"
ON public.ride_model_versions FOR SELECT
TO authenticated
USING (is_moderator((SELECT auth.uid())));
-- ============================================================================
-- GRANULAR UPDATE/VIEW POLICIES
-- ============================================================================
DROP POLICY IF EXISTS "Moderators can update photo submission items" ON public.photo_submission_items;
DROP POLICY IF EXISTS "Moderators can view all photo submission items" ON public.photo_submission_items;
DROP POLICY IF EXISTS "Moderators can update photo submissions" ON public.photo_submissions;
DROP POLICY IF EXISTS "Moderators can view all photo submissions" ON public.photo_submissions;
DROP POLICY IF EXISTS "Moderators can update profiles for banning" ON public.profiles;
DROP POLICY IF EXISTS "Moderators can view all profiles" ON public.profiles;
DROP POLICY IF EXISTS "Moderators can update reports" ON public.reports;
DROP POLICY IF EXISTS "Moderators can update reports with MFA" ON public.reports;
DROP POLICY IF EXISTS "Moderators can view all reports" ON public.reports;
DROP POLICY IF EXISTS "Moderators can update review status" ON public.reviews;
DROP POLICY IF EXISTS "Moderators can update ride model submissions" ON public.ride_model_submissions;
DROP POLICY IF EXISTS "Moderators can view all ride model submissions" ON public.ride_model_submissions;
DROP POLICY IF EXISTS "Moderators can update ride submissions" ON public.ride_submissions;
DROP POLICY IF EXISTS "Moderators can view all ride submissions" ON public.ride_submissions;
DROP POLICY IF EXISTS "Moderators can update submission items" ON public.submission_items;
DROP POLICY IF EXISTS "Moderators can update submission items with MFA" ON public.submission_items;
DROP POLICY IF EXISTS "Moderators can update timeline submissions" ON public.timeline_event_submissions;
DROP POLICY IF EXISTS "Moderators can view all timeline submissions" ON public.timeline_event_submissions;
CREATE POLICY "Moderators can update photo submission items"
ON public.photo_submission_items FOR UPDATE
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators can view all photo submission items"
ON public.photo_submission_items FOR SELECT
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators can update photo submissions"
ON public.photo_submissions FOR UPDATE
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators can view all photo submissions"
ON public.photo_submissions FOR SELECT
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators can update profiles for banning"
ON public.profiles FOR UPDATE
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators can view all profiles"
ON public.profiles FOR SELECT
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators can update reports"
ON public.reports FOR UPDATE
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators can update reports with MFA"
ON public.reports FOR UPDATE
TO authenticated
USING (is_moderator((SELECT auth.uid())) AND has_aal2());
CREATE POLICY "Moderators can view all reports"
ON public.reports FOR SELECT
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators can update review status"
ON public.reviews FOR UPDATE
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators can update ride model submissions"
ON public.ride_model_submissions FOR UPDATE
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators can view all ride model submissions"
ON public.ride_model_submissions FOR SELECT
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators can update ride submissions"
ON public.ride_submissions FOR UPDATE
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators can view all ride submissions"
ON public.ride_submissions FOR SELECT
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators can update submission items"
ON public.submission_items FOR UPDATE
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators can update submission items with MFA"
ON public.submission_items FOR UPDATE
TO authenticated
USING (is_moderator((SELECT auth.uid())) AND has_aal2());
CREATE POLICY "Moderators can update timeline submissions"
ON public.timeline_event_submissions FOR UPDATE
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators can view all timeline submissions"
ON public.timeline_event_submissions FOR SELECT
TO authenticated
USING (is_moderator((SELECT auth.uid())));
-- ============================================================================
-- AUDIT & NOTIFICATION TABLES
-- ============================================================================
DROP POLICY IF EXISTS "Moderators can view all audit logs" ON public.profile_audit_log;
DROP POLICY IF EXISTS "System can insert audit logs" ON public.profile_audit_log;
DROP POLICY IF EXISTS "Moderators can view all notification logs" ON public.notification_logs;
DROP POLICY IF EXISTS "Moderators can view all notification preferences" ON public.user_notification_preferences;
DROP POLICY IF EXISTS "Moderators can view all review deletions" ON public.review_deletions;
DROP POLICY IF EXISTS "Moderators can view all submission dependencies" ON public.submission_dependencies;
DROP POLICY IF EXISTS "Moderators can view test data registry" ON public.test_data_registry;
CREATE POLICY "Moderators can view all audit logs"
ON public.profile_audit_log FOR SELECT
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "System can insert audit logs"
ON public.profile_audit_log FOR INSERT
TO service_role
WITH CHECK (auth.role() = 'service_role');
CREATE POLICY "Moderators can view all notification logs"
ON public.notification_logs FOR SELECT
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators can view all notification preferences"
ON public.user_notification_preferences FOR SELECT
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators can view all review deletions"
ON public.review_deletions FOR SELECT
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators can view all submission dependencies"
ON public.submission_dependencies FOR SELECT
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators can view test data registry"
ON public.test_data_registry FOR SELECT
TO authenticated
USING (is_moderator((SELECT auth.uid())));
-- ============================================================================
-- LEGACY SUBMISSION TABLES
-- ============================================================================
DROP POLICY IF EXISTS "Moderators manage coaster stats" ON public.ride_coaster_stats;
DROP POLICY IF EXISTS "Moderators manage model tech specs" ON public.ride_model_technical_specifications;
DROP POLICY IF EXISTS "Moderators manage name history" ON public.ride_name_history;
DROP POLICY IF EXISTS "Moderators manage ride tech specs" ON public.ride_technical_specifications;
CREATE POLICY "Moderators manage coaster stats"
ON public.ride_coaster_stats FOR ALL
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators manage model tech specs"
ON public.ride_model_technical_specifications FOR ALL
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators manage name history"
ON public.ride_name_history FOR ALL
TO authenticated
USING (is_moderator((SELECT auth.uid())));
CREATE POLICY "Moderators manage ride tech specs"
ON public.ride_technical_specifications FOR ALL
TO authenticated
USING (is_moderator((SELECT auth.uid())));

368
supabase/migrations/20251029014845_8e4df263-c704-4cbf-a507-a3e0918d899e.sql Normal file
View File

@@ -0,0 +1,368 @@
-- Phase 3: Optimize user-scoped RLS policies (COMPLETE & FINAL)
-- Fixes 43 user-scoped policies with all correct column names
-- Expected performance improvement: 50-80% on user-scoped queries
-- ============================================================================
-- GROUP 1: SYSTEM/RATE LIMITING (2 policies)
-- ============================================================================
DROP POLICY IF EXISTS "System can insert rate limits" ON public.rate_limits;
DROP POLICY IF EXISTS "System can update rate limits" ON public.rate_limits;
CREATE POLICY "System can insert rate limits"
ON public.rate_limits FOR INSERT
TO authenticated
WITH CHECK ((SELECT auth.uid()) = user_id);
CREATE POLICY "System can update rate limits"
ON public.rate_limits FOR UPDATE
TO authenticated
USING ((SELECT auth.uid()) = user_id);
-- ============================================================================
-- GROUP 2: USER CREATION POLICIES (10 policies)
-- ============================================================================
DROP POLICY IF EXISTS "Users can create photos" ON public.photos;
DROP POLICY IF EXISTS "Users can create photo submissions" ON public.photo_submissions;
DROP POLICY IF EXISTS "Users can create photo submission items" ON public.photo_submission_items;
DROP POLICY IF EXISTS "Users can create reports" ON public.reports;
DROP POLICY IF EXISTS "Users can create review photos" ON public.review_photos;
DROP POLICY IF EXISTS "Users can create reviews" ON public.reviews;
DROP POLICY IF EXISTS "Users can create submissions" ON public.content_submissions;
DROP POLICY IF EXISTS "Users can insert their own submission items" ON public.submission_items;
DROP POLICY IF EXISTS "Users can insert their own profile" ON public.profiles;
DROP POLICY IF EXISTS "Users can insert their own deletion requests" ON public.account_deletion_requests;
CREATE POLICY "Users can create photos"
ON public.photos FOR INSERT
TO authenticated
WITH CHECK ((SELECT auth.uid()) = submitted_by);
CREATE POLICY "Users can create photo submissions"
ON public.photo_submissions FOR INSERT
TO authenticated
WITH CHECK (EXISTS (
SELECT 1 FROM public.content_submissions cs
WHERE cs.id = photo_submissions.submission_id
AND cs.user_id = (SELECT auth.uid())
));
CREATE POLICY "Users can create photo submission items"
ON public.photo_submission_items FOR INSERT
TO authenticated
WITH CHECK (EXISTS (
SELECT 1 FROM public.photo_submissions ps
INNER JOIN public.content_submissions cs ON cs.id = ps.submission_id
WHERE ps.id = photo_submission_items.photo_submission_id
AND cs.user_id = (SELECT auth.uid())
));
CREATE POLICY "Users can create reports"
ON public.reports FOR INSERT
TO authenticated
WITH CHECK ((SELECT auth.uid()) = reporter_id);
CREATE POLICY "Users can create review photos"
ON public.review_photos FOR INSERT
TO authenticated
WITH CHECK (EXISTS (
SELECT 1 FROM public.reviews r
WHERE r.id = review_photos.review_id
AND r.user_id = (SELECT auth.uid())
));
CREATE POLICY "Users can create reviews"
ON public.reviews FOR INSERT
TO authenticated
WITH CHECK ((SELECT auth.uid()) = user_id);
CREATE POLICY "Users can create submissions"
ON public.content_submissions FOR INSERT
TO authenticated
WITH CHECK ((SELECT auth.uid()) = user_id);
CREATE POLICY "Users can insert their own submission items"
ON public.submission_items FOR INSERT
TO authenticated
WITH CHECK (EXISTS (
SELECT 1 FROM public.content_submissions cs
WHERE cs.id = submission_items.submission_id
AND cs.user_id = (SELECT auth.uid())
));
CREATE POLICY "Users can insert their own profile"
ON public.profiles FOR INSERT
WITH CHECK ((SELECT auth.uid()) = user_id);
CREATE POLICY "Users can insert their own deletion requests"
ON public.account_deletion_requests FOR INSERT
TO authenticated
WITH CHECK ((SELECT auth.uid()) = user_id);
-- ============================================================================
-- GROUP 3: SUBMISSION INSERT POLICIES (8 policies)
-- ============================================================================
DROP POLICY IF EXISTS "Users can insert their own park submissions" ON public.park_submissions;
DROP POLICY IF EXISTS "Users can insert their own ride submissions" ON public.ride_submissions;
DROP POLICY IF EXISTS "Users can insert their own company submissions" ON public.company_submissions;
DROP POLICY IF EXISTS "Users can insert their own ride model submissions" ON public.ride_model_submissions;
DROP POLICY IF EXISTS "Users can insert own timeline submissions" ON public.timeline_event_submissions;
DROP POLICY IF EXISTS "Users can insert former names for their own ride submissions" ON public.ride_submission_name_history;
DROP POLICY IF EXISTS "Users can insert specs for their own ride submissions" ON public.ride_submission_technical_specifications;
DROP POLICY IF EXISTS "Users can insert stats for their own ride submissions" ON public.ride_submission_coaster_statistics;
CREATE POLICY "Users can insert their own park submissions"
ON public.park_submissions FOR INSERT
TO authenticated
WITH CHECK (EXISTS (
SELECT 1 FROM public.content_submissions cs
WHERE cs.id = park_submissions.submission_id
AND cs.user_id = (SELECT auth.uid())
));
CREATE POLICY "Users can insert their own ride submissions"
ON public.ride_submissions FOR INSERT
TO authenticated
WITH CHECK (EXISTS (
SELECT 1 FROM public.content_submissions cs
WHERE cs.id = ride_submissions.submission_id
AND cs.user_id = (SELECT auth.uid())
));
CREATE POLICY "Users can insert their own company submissions"
ON public.company_submissions FOR INSERT
TO authenticated
WITH CHECK (EXISTS (
SELECT 1 FROM public.content_submissions cs
WHERE cs.id = company_submissions.submission_id
AND cs.user_id = (SELECT auth.uid())
));
CREATE POLICY "Users can insert their own ride model submissions"
ON public.ride_model_submissions FOR INSERT
TO authenticated
WITH CHECK (EXISTS (
SELECT 1 FROM public.content_submissions cs
WHERE cs.id = ride_model_submissions.submission_id
AND cs.user_id = (SELECT auth.uid())
));
CREATE POLICY "Users can insert own timeline submissions"
ON public.timeline_event_submissions FOR INSERT
TO authenticated
WITH CHECK (EXISTS (
SELECT 1 FROM public.content_submissions cs
WHERE cs.id = timeline_event_submissions.submission_id
AND cs.user_id = (SELECT auth.uid())
));
CREATE POLICY "Users can insert former names for their own ride submissions"
ON public.ride_submission_name_history FOR INSERT
TO authenticated
WITH CHECK (EXISTS (
SELECT 1 FROM public.ride_submissions rs
INNER JOIN public.content_submissions cs ON cs.id = rs.submission_id
WHERE rs.id = ride_submission_name_history.ride_submission_id
AND cs.user_id = (SELECT auth.uid())
));
CREATE POLICY "Users can insert specs for their own ride submissions"
ON public.ride_submission_technical_specifications FOR INSERT
TO authenticated
WITH CHECK (EXISTS (
SELECT 1 FROM public.ride_submissions rs
INNER JOIN public.content_submissions cs ON cs.id = rs.submission_id
WHERE rs.id = ride_submission_technical_specifications.ride_submission_id
AND cs.user_id = (SELECT auth.uid())
));
CREATE POLICY "Users can insert stats for their own ride submissions"
ON public.ride_submission_coaster_statistics FOR INSERT
TO authenticated
WITH CHECK (EXISTS (
SELECT 1 FROM public.ride_submissions rs
INNER JOIN public.content_submissions cs ON cs.id = rs.submission_id
WHERE rs.id = ride_submission_coaster_statistics.ride_submission_id
AND cs.user_id = (SELECT auth.uid())
));
-- ============================================================================
-- GROUP 4: USER VIEW/READ POLICIES (10 policies)
-- ============================================================================
DROP POLICY IF EXISTS "Users can view their own profile" ON public.profiles;
DROP POLICY IF EXISTS "Users can view their own profiles" ON public.profiles;
DROP POLICY IF EXISTS "Users can read their own preferences" ON public.user_preferences;
DROP POLICY IF EXISTS "Users can view their own audit log" ON public.profile_audit_log;
DROP POLICY IF EXISTS "Users can view stats for their own ride submissions" ON public.ride_submission_coaster_statistics;
DROP POLICY IF EXISTS "Users can view specs for their own ride submissions" ON public.ride_submission_technical_specifications;
DROP POLICY IF EXISTS "Users can view former names for their own ride submissions" ON public.ride_submission_name_history;
DROP POLICY IF EXISTS "Users can view own contact submissions" ON public.contact_submissions;
DROP POLICY IF EXISTS "Users can view own timeline submissions" ON public.timeline_event_submissions;
DROP POLICY IF EXISTS "Users can view public top lists" ON public.user_top_lists;
CREATE POLICY "Users can view their own profile"
ON public.profiles FOR SELECT
USING ((SELECT auth.uid()) = user_id);
CREATE POLICY "Users can read their own preferences"
ON public.user_preferences FOR SELECT
TO authenticated
USING ((SELECT auth.uid()) = user_id);
CREATE POLICY "Users can view their own audit log"
ON public.profile_audit_log FOR SELECT
TO authenticated
USING ((SELECT auth.uid()) = user_id);
CREATE POLICY "Users can view stats for their own ride submissions"
ON public.ride_submission_coaster_statistics FOR SELECT
TO authenticated
USING (EXISTS (
SELECT 1 FROM public.ride_submissions rs
INNER JOIN public.content_submissions cs ON cs.id = rs.submission_id
WHERE rs.id = ride_submission_coaster_statistics.ride_submission_id
AND cs.user_id = (SELECT auth.uid())
));
CREATE POLICY "Users can view specs for their own ride submissions"
ON public.ride_submission_technical_specifications FOR SELECT
TO authenticated
USING (EXISTS (
SELECT 1 FROM public.ride_submissions rs
INNER JOIN public.content_submissions cs ON cs.id = rs.submission_id
WHERE rs.id = ride_submission_technical_specifications.ride_submission_id
AND cs.user_id = (SELECT auth.uid())
));
CREATE POLICY "Users can view former names for their own ride submissions"
ON public.ride_submission_name_history FOR SELECT
TO authenticated
USING (EXISTS (
SELECT 1 FROM public.ride_submissions rs
INNER JOIN public.content_submissions cs ON cs.id = rs.submission_id
WHERE rs.id = ride_submission_name_history.ride_submission_id
AND cs.user_id = (SELECT auth.uid())
));
CREATE POLICY "Users can view own contact submissions"
ON public.contact_submissions FOR SELECT
TO authenticated
USING (
((SELECT auth.uid()) = user_id)
OR (((SELECT auth.uid()) IS NOT NULL) AND (email = (auth.jwt() ->> 'email'::text)))
);
CREATE POLICY "Users can view own timeline submissions"
ON public.timeline_event_submissions FOR SELECT
TO authenticated
USING (EXISTS (
SELECT 1 FROM public.content_submissions cs
WHERE cs.id = timeline_event_submissions.submission_id
AND cs.user_id = (SELECT auth.uid())
));
CREATE POLICY "Users can view public top lists"
ON public.user_top_lists FOR SELECT
USING (
(is_public = true)
OR (user_id = (SELECT auth.uid()))
);
-- ============================================================================
-- GROUP 5: USER MANAGEMENT POLICIES (11 policies)
-- ============================================================================
DROP POLICY IF EXISTS "Users can manage their own preferences" ON public.user_preferences;
DROP POLICY IF EXISTS "Users can manage their own notification preferences" ON public.user_notification_preferences;
DROP POLICY IF EXISTS "Users can manage their own ride credits" ON public.user_ride_credits;
DROP POLICY IF EXISTS "Users can manage their own top lists" ON public.user_top_lists;
DROP POLICY IF EXISTS "Users can manage their own list items" ON public.user_top_list_items;
DROP POLICY IF EXISTS "Users can manage their own blocks" ON public.user_blocks;
DROP POLICY IF EXISTS "Users can update their own profile" ON public.profiles;
DROP POLICY IF EXISTS "Users can update their own deletion requests" ON public.account_deletion_requests;
DROP POLICY IF EXISTS "Users can update their own reviews" ON public.reviews;
DROP POLICY IF EXISTS "Users can update their own review photos" ON public.review_photos;
CREATE POLICY "Users can manage their own preferences"
ON public.user_preferences FOR ALL
TO authenticated
USING ((SELECT auth.uid()) = user_id)
WITH CHECK ((SELECT auth.uid()) = user_id);
CREATE POLICY "Users can manage their own notification preferences"
ON public.user_notification_preferences FOR ALL
TO authenticated
USING ((SELECT auth.uid()) = user_id)
WITH CHECK ((SELECT auth.uid()) = user_id);
CREATE POLICY "Users can manage their own ride credits"
ON public.user_ride_credits FOR ALL
TO authenticated
USING ((SELECT auth.uid()) = user_id)
WITH CHECK ((SELECT auth.uid()) = user_id);
CREATE POLICY "Users can manage their own top lists"
ON public.user_top_lists FOR ALL
TO authenticated
USING ((SELECT auth.uid()) = user_id)
WITH CHECK ((SELECT auth.uid()) = user_id);
CREATE POLICY "Users can manage their own list items"
ON public.user_top_list_items FOR ALL
TO authenticated
USING (EXISTS (
SELECT 1 FROM public.user_top_lists utl
WHERE utl.id = user_top_list_items.list_id
AND utl.user_id = (SELECT auth.uid())
));
CREATE POLICY "Users can manage their own blocks"
ON public.user_blocks FOR ALL
TO authenticated
USING ((SELECT auth.uid()) = blocker_id)
WITH CHECK ((SELECT auth.uid()) = blocker_id);
CREATE POLICY "Users can update their own profile"
ON public.profiles FOR UPDATE
TO authenticated
USING ((SELECT auth.uid()) = user_id)
WITH CHECK ((SELECT auth.uid()) = user_id);
CREATE POLICY "Users can update their own deletion requests"
ON public.account_deletion_requests FOR UPDATE
TO authenticated
USING ((SELECT auth.uid()) = user_id)
WITH CHECK ((SELECT auth.uid()) = user_id);
CREATE POLICY "Users can update their own reviews"
ON public.reviews FOR UPDATE
TO authenticated
USING ((SELECT auth.uid()) = user_id)
WITH CHECK ((SELECT auth.uid()) = user_id);
CREATE POLICY "Users can update their own review photos"
ON public.review_photos FOR UPDATE
TO authenticated
USING (EXISTS (
SELECT 1 FROM public.reviews r
WHERE r.id = review_photos.review_id
AND r.user_id = (SELECT auth.uid())
));
-- ============================================================================
-- GROUP 6: USER DELETE POLICIES (2 policies)
-- ============================================================================
DROP POLICY IF EXISTS "Users can delete their own review photos" ON public.review_photos;
DROP POLICY IF EXISTS "Users can delete their own user role" ON public.user_roles;
CREATE POLICY "Users can delete their own review photos"
ON public.review_photos FOR DELETE
TO authenticated
USING (EXISTS (
SELECT 1 FROM public.reviews r
WHERE r.id = review_photos.review_id
AND r.user_id = (SELECT auth.uid())
));
CREATE POLICY "Users can delete their own user role"
ON public.user_roles FOR DELETE
TO authenticated
USING ((SELECT auth.uid()) = user_id);