Dashbaord fixes

2026-02-07 22:29:09 +02:00
parent d22847f555
commit 23693db9ec
4 changed files with 509 additions and 43 deletions
--- a/supabase/migrations/031_platform_admin_rls.sql
+++ b/supabase/migrations/031_platform_admin_rls.sql
@@ -0,0 +1,56 @@
+-- Platform admins can read/write all data across the platform
+-- This bypasses org-membership-based RLS for users with is_platform_admin = true
+
+-- Helper function to check if current user is a platform admin
+CREATE OR REPLACE FUNCTION is_platform_admin()
+RETURNS BOOLEAN AS $$
+  SELECT EXISTS (
+    SELECT 1 FROM profiles
+    WHERE id = auth.uid()
+    AND is_platform_admin = true
+  );
+$$ LANGUAGE sql SECURITY DEFINER STABLE;
+
+-- Organizations: platform admins can do everything
+CREATE POLICY "Platform admins full access to organizations" ON organizations
+  USING (is_platform_admin()) WITH CHECK (is_platform_admin());
+
+-- Org Members: platform admins can see all memberships
+CREATE POLICY "Platform admins full access to org_members" ON org_members
+  USING (is_platform_admin()) WITH CHECK (is_platform_admin());
+
+-- Profiles: platform admins can update any profile
+CREATE POLICY "Platform admins can update profiles" ON profiles FOR UPDATE
+  USING (is_platform_admin()) WITH CHECK (is_platform_admin());
+
+-- Events: platform admins can do everything
+CREATE POLICY "Platform admins full access to events" ON events
+  USING (is_platform_admin()) WITH CHECK (is_platform_admin());
+
+-- Event members: platform admins can do everything
+CREATE POLICY "Platform admins full access to event_members" ON event_members
+  USING (is_platform_admin()) WITH CHECK (is_platform_admin());
+
+-- Documents: platform admins can do everything
+CREATE POLICY "Platform admins full access to documents" ON documents
+  USING (is_platform_admin()) WITH CHECK (is_platform_admin());
+
+-- Kanban boards: platform admins can do everything
+CREATE POLICY "Platform admins full access to kanban_boards" ON kanban_boards
+  USING (is_platform_admin()) WITH CHECK (is_platform_admin());
+
+-- Calendar events: platform admins can do everything
+CREATE POLICY "Platform admins full access to calendar_events" ON calendar_events
+  USING (is_platform_admin()) WITH CHECK (is_platform_admin());
+
+-- Org roles: platform admins can do everything
+CREATE POLICY "Platform admins full access to org_roles" ON org_roles
+  USING (is_platform_admin()) WITH CHECK (is_platform_admin());
+
+-- Org invites: platform admins can do everything
+CREATE POLICY "Platform admins full access to org_invites" ON org_invites
+  USING (is_platform_admin()) WITH CHECK (is_platform_admin());
+
+-- Event departments: platform admins can do everything
+CREATE POLICY "Platform admins full access to event_departments" ON event_departments
+  USING (is_platform_admin()) WITH CHECK (is_platform_admin());