pacnpal/thrilltrack-explorer
1
0
Fork 0
mirror of https://github.com/pacnpal/thrilltrack-explorer.git synced 2025-12-20 10:31:13 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
72a7cb7f7c9cc6f1728b5e5174f025675f24732f
thrilltrack-explorer/supabase/migrations/20251017233942_0ccfc5e3-b785-4b3e-a7a6-cb7c5ed580ce.sql
gpt-engineer-app[bot] cf7c9c433b Fix RLS policies
2025-10-17 23:39:54 +00:00

79 lines
2.3 KiB
SQL
Raw Blame History

-- Fix RLS policies on photo_submissions and photo_submission_items
-- Replace direct auth.mfa_factors queries with has_mfa_enabled() security definer function
-- This prevents "permission denied for table mfa_factors" errors
-- ============================================
-- Photo Submissions Table
-- ============================================
DROP POLICY IF EXISTS "Moderators can view all photo submissions" ON public.photo_submissions;
DROP POLICY IF EXISTS "Moderators can update photo submissions" ON public.photo_submissions;
DROP POLICY IF EXISTS "Moderators can delete photo submissions" ON public.photo_submissions;
CREATE POLICY "Moderators can view all photo submissions"
ON public.photo_submissions
FOR SELECT
TO authenticated
USING (
is_moderator(auth.uid()) AND (
(NOT has_mfa_enabled(auth.uid())) OR has_aal2()
)
);
CREATE POLICY "Moderators can update photo submissions"
ON public.photo_submissions
FOR UPDATE
TO authenticated
USING (
is_moderator(auth.uid()) AND (
(NOT has_mfa_enabled(auth.uid())) OR has_aal2()
)
);
CREATE POLICY "Moderators can delete photo submissions"
ON public.photo_submissions
FOR DELETE
TO authenticated
USING (
is_moderator(auth.uid()) AND (
(NOT has_mfa_enabled(auth.uid())) OR has_aal2()
)
);
-- ============================================
-- Photo Submission Items Table
-- ============================================
DROP POLICY IF EXISTS "Moderators can view all photo submission items" ON public.photo_submission_items;
DROP POLICY IF EXISTS "Moderators can update photo submission items" ON public.photo_submission_items;
DROP POLICY IF EXISTS "Moderators can delete photo submission items" ON public.photo_submission_items;
CREATE POLICY "Moderators can view all photo submission items"
ON public.photo_submission_items
FOR SELECT
TO authenticated
USING (
is_moderator(auth.uid()) AND (
(NOT has_mfa_enabled(auth.uid())) OR has_aal2()
)
);
CREATE POLICY "Moderators can update photo submission items"
ON public.photo_submission_items
FOR UPDATE
TO authenticated
USING (
is_moderator(auth.uid()) AND (
(NOT has_mfa_enabled(auth.uid())) OR has_aal2()
)
);
CREATE POLICY "Moderators can delete photo submission items"
ON public.photo_submission_items
FOR DELETE
TO authenticated
USING (
is_moderator(auth.uid()) AND (
(NOT has_mfa_enabled(auth.uid())) OR has_aal2()
)
);
Reference in New Issue View Git Blame Copy Permalink