mirror of
https://github.com/pacnpal/thrilltrack-explorer.git
synced 2025-12-23 14:51:13 -05:00
17 lines
780 B
SQL
17 lines
780 B
SQL
|
|
-- Enable RLS on the filtered_profiles view
|
|
ALTER VIEW public.filtered_profiles SET (security_invoker = on);
|
|
|
|
-- Grant explicit access to the filtered_profiles view
|
|
GRANT SELECT ON public.filtered_profiles TO authenticated, anon;
|
|
|
|
-- Add comment explaining the security model
|
|
COMMENT ON VIEW public.filtered_profiles IS
|
|
'Privacy-safe profile view that uses can_view_profile_field() to enforce field-level access control.
|
|
Sensitive fields (date_of_birth, personal_location, etc.) are conditionally shown based on:
|
|
1. User privacy settings in user_preferences table
|
|
2. Profile privacy_level (public vs private)
|
|
3. Viewer permissions (owner, moderator)
|
|
The view filters out banned users unless viewer is owner or moderator.
|
|
RLS is enforced at the row level in the WHERE clause.';
|