thrilltrack-explorer/supabase/migrations/20251104151915_ab4e6a7a-cd0c-46f4-be81-109db74c6c47.sql
gpt-engineer-app[bot] 80ee91c837 Fix RLS policies
2025-11-04 15:19:32 +00:00


-- Fix RLS policies to use block_aal1_with_mfa() instead of direct auth.mfa_factors queries
-- This resolves "permission denied for table mfa_factors" errors
-- ==========================================
-- submission_items policies
-- ==========================================
-- Moderator DELETE/INSERT access to public.submission_items.
-- Access requires both predicates: is_moderator(auth.uid()) AND block_aal1_with_mfa().
-- NOTE(review): block_aal1_with_mfa() is defined outside this file; per the
-- migration header it replaces direct reads of auth.mfa_factors. If it is a
-- SECURITY DEFINER function, confirm that it pins search_path.
-- AS PERMISSIVE is the CREATE POLICY default, spelled out here because
-- permissive policies are OR-ed together: any other permissive policy for the
-- same command on this table grants access without passing the MFA gate.
-- NOTE(review): DROP followed by CREATE is atomic only if the migration runner
-- wraps this file in a transaction -- confirm.
DROP POLICY IF EXISTS "Moderators can delete submission items"
    ON public.submission_items;

CREATE POLICY "Moderators can delete submission items"
    ON public.submission_items
    AS PERMISSIVE
    FOR DELETE
    TO authenticated
    USING (
        is_moderator(auth.uid())
        AND block_aal1_with_mfa()
    );

DROP POLICY IF EXISTS "Moderators can insert submission items"
    ON public.submission_items;

-- INSERT policies accept only WITH CHECK; the predicate is evaluated for each
-- row being inserted.
CREATE POLICY "Moderators can insert submission items"
    ON public.submission_items
    AS PERMISSIVE
    FOR INSERT
    TO authenticated
    WITH CHECK (
        is_moderator(auth.uid())
        AND block_aal1_with_mfa()
    );
-- ==========================================
-- park_submissions policies
-- ==========================================
-- Moderator DELETE/UPDATE/SELECT access to public.park_submissions.
-- Every policy uses the same predicate: the caller must be a moderator and
-- must pass block_aal1_with_mfa() (defined outside this file; presumably it
-- rejects AAL1 sessions of users with MFA enrolled -- confirm against its
-- definition).
-- The policies are permissive (the default, written out as AS PERMISSIVE), so
-- they are OR-ed with any other permissive policy on this table; the MFA gate
-- constrains only the moderator path.
DROP POLICY IF EXISTS "Moderators can delete park submissions"
    ON public.park_submissions;

CREATE POLICY "Moderators can delete park submissions"
    ON public.park_submissions
    AS PERMISSIVE
    FOR DELETE
    TO authenticated
    USING (
        is_moderator(auth.uid())
        AND block_aal1_with_mfa()
    );

DROP POLICY IF EXISTS "Moderators can update park submissions"
    ON public.park_submissions;

-- No WITH CHECK is given; for UPDATE, PostgreSQL then applies the USING
-- expression to the new row version as well.
CREATE POLICY "Moderators can update park submissions"
    ON public.park_submissions
    AS PERMISSIVE
    FOR UPDATE
    TO authenticated
    USING (
        is_moderator(auth.uid())
        AND block_aal1_with_mfa()
    );

DROP POLICY IF EXISTS "Moderators can view all park submissions"
    ON public.park_submissions;

-- Read access is gated the same way as writes.
CREATE POLICY "Moderators can view all park submissions"
    ON public.park_submissions
    AS PERMISSIVE
    FOR SELECT
    TO authenticated
    USING (
        is_moderator(auth.uid())
        AND block_aal1_with_mfa()
    );
-- ==========================================
-- ride_submissions policies
-- ==========================================
-- Moderator DELETE/UPDATE/SELECT access to public.ride_submissions.
-- Each policy requires is_moderator(auth.uid()) AND block_aal1_with_mfa().
-- Both helpers are called unqualified and are defined outside this file.
-- NOTE(review): schema-qualifying them would make the intended functions
-- explicit -- confirm which schema they live in.
-- AS PERMISSIVE restates the default: other permissive policies on this table
-- for the same command are OR-ed with these and are not subject to the MFA
-- gate.
DROP POLICY IF EXISTS "Moderators can delete ride submissions"
    ON public.ride_submissions;

CREATE POLICY "Moderators can delete ride submissions"
    ON public.ride_submissions
    AS PERMISSIVE
    FOR DELETE
    TO authenticated
    USING (
        is_moderator(auth.uid())
        AND block_aal1_with_mfa()
    );

DROP POLICY IF EXISTS "Moderators can update ride submissions"
    ON public.ride_submissions;

-- UPDATE with only USING: PostgreSQL reuses the USING expression as the check
-- on the updated row.
CREATE POLICY "Moderators can update ride submissions"
    ON public.ride_submissions
    AS PERMISSIVE
    FOR UPDATE
    TO authenticated
    USING (
        is_moderator(auth.uid())
        AND block_aal1_with_mfa()
    );

DROP POLICY IF EXISTS "Moderators can view all ride submissions"
    ON public.ride_submissions;

CREATE POLICY "Moderators can view all ride submissions"
    ON public.ride_submissions
    AS PERMISSIVE
    FOR SELECT
    TO authenticated
    USING (
        is_moderator(auth.uid())
        AND block_aal1_with_mfa()
    );
-- ==========================================
-- photo_submissions policies
-- ==========================================
-- Moderator DELETE access to public.photo_submissions, recreated so that the
-- predicate calls block_aal1_with_mfa() (defined outside this file) together
-- with is_moderator(auth.uid()).
-- The policy is permissive (the CREATE POLICY default, written out here), so
-- any other permissive DELETE policy on this table is OR-ed with it.
DROP POLICY IF EXISTS "Moderators can delete photo submissions"
    ON public.photo_submissions;

CREATE POLICY "Moderators can delete photo submissions"
    ON public.photo_submissions
    AS PERMISSIVE
    FOR DELETE
    TO authenticated
    USING (
        is_moderator(auth.uid())
        AND block_aal1_with_mfa()
    );