pacnpal/thrilltrack-explorer
1
0
Fork 0
mirror of https://github.com/pacnpal/thrilltrack-explorer.git synced 2025-12-20 06:51:12 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
c0e4a4abf29b29e8fefd9a72e341de1e41d4ad42
thrilltrack-explorer/supabase/migrations/20251104163017_0b5975ea-d452-45aa-8dd4-77b41c557351.sql
gpt-engineer-app[bot] 05acd49334 Fix RLS policy for test data registry
2025-11-04 16:30:33 +00:00

31 lines
1.0 KiB
SQL
Raw Blame History

-- Relax RLS on test_data_registry to not require MFA for management operations
-- Separate SELECT (viewing) from INSERT/UPDATE/DELETE (management)
-- Drop ALL existing policies on test_data_registry
DROP POLICY IF EXISTS "Moderators can manage test data registry" ON test_data_registry;
DROP POLICY IF EXISTS "Moderators can view test data registry" ON test_data_registry;
-- Keep MFA requirement for viewing (sensitive operation tracking)
CREATE POLICY "Moderators can view test data registry"
ON test_data_registry
FOR SELECT
TO authenticated
USING (
is_moderator(auth.uid())
AND (
(NOT EXISTS (
SELECT 1 FROM auth.mfa_factors
WHERE user_id = auth.uid() AND status = 'verified'
))
OR has_aal2()
)
);
-- Allow moderators to insert/update/delete without MFA requirement
-- Test data cleanup is a low-risk development operation
CREATE POLICY "Moderators can manage test data registry"
ON test_data_registry
FOR ALL
TO authenticated
USING (is_moderator(auth.uid()))
WITH CHECK (is_moderator(auth.uid()));
Reference in New Issue View Git Blame Copy Permalink