thrilltrack-explorer/supabase/migrations/20251017201154_2e307a9a-49cf-49f7-bd38-468cb384c742.sql
2025-10-17 20:12:10 +00:00


-- Remove the existing moderator policies on content_submissions. According to
-- the original migration note they were broken because their expressions
-- queried auth.mfa_factors directly.
-- IF EXISTS lets the file be re-applied when a policy is already gone.
-- "Moderators can update submissions with MFA" is dropped and not recreated
-- under that name; UPDATE is handled by "Moderators can update submissions".
-- NOTE(review): between these drops and the CREATE POLICY statements that
-- follow, moderators get no access from these policies. That is fail-closed
-- only if row level security is enabled on the table -- confirm, and confirm
-- the migration runner applies this file atomically.
DROP POLICY IF EXISTS "Moderators can view all submissions"
    ON public.content_submissions;

DROP POLICY IF EXISTS "Moderators can update submissions"
    ON public.content_submissions;

DROP POLICY IF EXISTS "Moderators can update submissions with MFA"
    ON public.content_submissions;

DROP POLICY IF EXISTS "Moderators can delete submissions with MFA"
    ON public.content_submissions;
-- Recreate the moderator policies on top of the has_mfa_enabled() helper
-- instead of reading auth.mfa_factors inside the policy expression.
--
-- SELECT: a moderator may read every submission when either
--   * has_mfa_enabled(auth.uid()) is false, or
--   * has_aal2() is true.
-- The step-up requirement therefore binds only moderators for whom
-- has_mfa_enabled() returns true; everyone else passes on is_moderator() alone.
-- NOTE(review): confirm this opt-in model is intended for read access to all
-- submissions -- the DELETE policy in this migration requires has_aal2()
-- unconditionally.
-- If has_mfa_enabled() yields NULL the inner term is true only when has_aal2()
-- is true; a NULL policy result hides the row, so that case denies access.
-- NOTE(review): is_moderator(), has_mfa_enabled() and has_aal2() are defined
-- outside this file. If has_mfa_enabled() is SECURITY DEFINER in order to read
-- auth.mfa_factors, verify that it pins search_path -- TODO confirm.
-- AS PERMISSIVE spells out the default: this policy is OR-ed with any other
-- permissive SELECT policy on the table, so it grants moderator access and
-- does not narrow access granted elsewhere.
CREATE POLICY "Moderators can view all submissions"
    ON public.content_submissions
    AS PERMISSIVE
    FOR SELECT
    TO authenticated
    USING (
        is_moderator(auth.uid())
        AND (
            NOT has_mfa_enabled(auth.uid())
            OR has_aal2()
        )
    );
-- UPDATE: moderators may modify any submission. The same predicate is applied
-- to the existing row (USING) and to the row as written (WITH CHECK).
-- Neither expression references a column of content_submissions, so the
-- policy decides only who may update; it places no limit on which rows or
-- which values a moderator can write.
-- As with the SELECT policy, has_aal2() is required only when
-- has_mfa_enabled(auth.uid()) is true.
-- NOTE(review): a moderator for whom has_mfa_enabled() is false can update
-- without an aal2 session, while DELETE in this migration always requires
-- aal2 -- confirm the asymmetry is deliberate.
-- AS PERMISSIVE spells out the default: the policy is OR-ed with any other
-- permissive UPDATE policy on the table.
CREATE POLICY "Moderators can update submissions"
    ON public.content_submissions
    AS PERMISSIVE
    FOR UPDATE
    TO authenticated
    USING (
        is_moderator(auth.uid())
        AND (
            NOT has_mfa_enabled(auth.uid())
            OR has_aal2()
        )
    )
    WITH CHECK (
        is_moderator(auth.uid())
        AND (
            NOT has_mfa_enabled(auth.uid())
            OR has_aal2()
        )
    );
-- DELETE: the strictest of the moderator policies. has_aal2() must be true
-- in every case; there is no has_mfa_enabled() escape, so a moderator for
-- whom has_aal2() is false cannot delete through this policy.
-- NOTE(review): has_aal2() is defined outside this file; presumably it checks
-- the assurance level of the current session -- confirm against its definition.
-- AS PERMISSIVE spells out the default: any other permissive DELETE policy on
-- the table is OR-ed with this one and is not subject to the aal2 condition.
CREATE POLICY "Moderators can delete submissions with MFA"
    ON public.content_submissions
    AS PERMISSIVE
    FOR DELETE
    TO authenticated
    USING (
        is_moderator(auth.uid())
        AND has_aal2()
    );