feat: map shapes, image persistence, grab tool, layer rename/delete, i18n, page metadata
This commit is contained in:
AlacrisDevs
148
supabase/migrations/047_fix_map_rls.sql
Normal file
148
supabase/migrations/047_fix_map_rls.sql
Normal file
@@ -0,0 +1,148 @@
|
||||
-- ============================================================
|
||||
-- Fix Map Layers & Pins RLS: replace FOR ALL with explicit
|
||||
-- INSERT/UPDATE/DELETE policies that include WITH CHECK clauses
|
||||
-- ============================================================
|
||||
|
||||
-- Drop the broken FOR ALL policies
|
||||
DROP POLICY IF EXISTS "Dept members and editors can manage map layers" ON map_layers;
|
||||
DROP POLICY IF EXISTS "Dept members and editors can manage map pins" ON map_pins;
|
||||
|
||||
-- ── Map Layers ──
|
||||
|
||||
CREATE POLICY "Dept members and editors can insert map layers" ON map_layers FOR INSERT
|
||||
WITH CHECK (EXISTS (
|
||||
SELECT 1 FROM event_departments ed
|
||||
JOIN events e ON ed.event_id = e.id
|
||||
JOIN org_members om ON e.org_id = om.org_id
|
||||
WHERE ed.id = map_layers.department_id
|
||||
AND om.user_id = auth.uid()
|
||||
AND (
|
||||
om.role IN ('owner', 'admin', 'editor')
|
||||
OR EXISTS (
|
||||
SELECT 1 FROM event_member_departments emd
|
||||
JOIN event_members em ON emd.event_member_id = em.id
|
||||
WHERE emd.department_id = ed.id AND em.user_id = auth.uid()
|
||||
)
|
||||
)
|
||||
));
|
||||
|
||||
CREATE POLICY "Dept members and editors can update map layers" ON map_layers FOR UPDATE
|
||||
USING (EXISTS (
|
||||
SELECT 1 FROM event_departments ed
|
||||
JOIN events e ON ed.event_id = e.id
|
||||
JOIN org_members om ON e.org_id = om.org_id
|
||||
WHERE ed.id = map_layers.department_id
|
||||
AND om.user_id = auth.uid()
|
||||
AND (
|
||||
om.role IN ('owner', 'admin', 'editor')
|
||||
OR EXISTS (
|
||||
SELECT 1 FROM event_member_departments emd
|
||||
JOIN event_members em ON emd.event_member_id = em.id
|
||||
WHERE emd.department_id = ed.id AND em.user_id = auth.uid()
|
||||
)
|
||||
)
|
||||
))
|
||||
WITH CHECK (EXISTS (
|
||||
SELECT 1 FROM event_departments ed
|
||||
JOIN events e ON ed.event_id = e.id
|
||||
JOIN org_members om ON e.org_id = om.org_id
|
||||
WHERE ed.id = map_layers.department_id
|
||||
AND om.user_id = auth.uid()
|
||||
AND (
|
||||
om.role IN ('owner', 'admin', 'editor')
|
||||
OR EXISTS (
|
||||
SELECT 1 FROM event_member_departments emd
|
||||
JOIN event_members em ON emd.event_member_id = em.id
|
||||
WHERE emd.department_id = ed.id AND em.user_id = auth.uid()
|
||||
)
|
||||
)
|
||||
));
|
||||
|
||||
CREATE POLICY "Dept members and editors can delete map layers" ON map_layers FOR DELETE
|
||||
USING (EXISTS (
|
||||
SELECT 1 FROM event_departments ed
|
||||
JOIN events e ON ed.event_id = e.id
|
||||
JOIN org_members om ON e.org_id = om.org_id
|
||||
WHERE ed.id = map_layers.department_id
|
||||
AND om.user_id = auth.uid()
|
||||
AND (
|
||||
om.role IN ('owner', 'admin', 'editor')
|
||||
OR EXISTS (
|
||||
SELECT 1 FROM event_member_departments emd
|
||||
JOIN event_members em ON emd.event_member_id = em.id
|
||||
WHERE emd.department_id = ed.id AND em.user_id = auth.uid()
|
||||
)
|
||||
)
|
||||
));
|
||||
|
||||
-- ── Map Pins ──
|
||||
|
||||
CREATE POLICY "Dept members and editors can insert map pins" ON map_pins FOR INSERT
|
||||
WITH CHECK (EXISTS (
|
||||
SELECT 1 FROM map_layers ml
|
||||
JOIN event_departments ed ON ml.department_id = ed.id
|
||||
JOIN events e ON ed.event_id = e.id
|
||||
JOIN org_members om ON e.org_id = om.org_id
|
||||
WHERE ml.id = map_pins.layer_id
|
||||
AND om.user_id = auth.uid()
|
||||
AND (
|
||||
om.role IN ('owner', 'admin', 'editor')
|
||||
OR EXISTS (
|
||||
SELECT 1 FROM event_member_departments emd
|
||||
JOIN event_members em ON emd.event_member_id = em.id
|
||||
WHERE emd.department_id = ed.id AND em.user_id = auth.uid()
|
||||
)
|
||||
)
|
||||
));
|
||||
|
||||
CREATE POLICY "Dept members and editors can update map pins" ON map_pins FOR UPDATE
|
||||
USING (EXISTS (
|
||||
SELECT 1 FROM map_layers ml
|
||||
JOIN event_departments ed ON ml.department_id = ed.id
|
||||
JOIN events e ON ed.event_id = e.id
|
||||
JOIN org_members om ON e.org_id = om.org_id
|
||||
WHERE ml.id = map_pins.layer_id
|
||||
AND om.user_id = auth.uid()
|
||||
AND (
|
||||
om.role IN ('owner', 'admin', 'editor')
|
||||
OR EXISTS (
|
||||
SELECT 1 FROM event_member_departments emd
|
||||
JOIN event_members em ON emd.event_member_id = em.id
|
||||
WHERE emd.department_id = ed.id AND em.user_id = auth.uid()
|
||||
)
|
||||
)
|
||||
))
|
||||
WITH CHECK (EXISTS (
|
||||
SELECT 1 FROM map_layers ml
|
||||
JOIN event_departments ed ON ml.department_id = ed.id
|
||||
JOIN events e ON ed.event_id = e.id
|
||||
JOIN org_members om ON e.org_id = om.org_id
|
||||
WHERE ml.id = map_pins.layer_id
|
||||
AND om.user_id = auth.uid()
|
||||
AND (
|
||||
om.role IN ('owner', 'admin', 'editor')
|
||||
OR EXISTS (
|
||||
SELECT 1 FROM event_member_departments emd
|
||||
JOIN event_members em ON emd.event_member_id = em.id
|
||||
WHERE emd.department_id = ed.id AND em.user_id = auth.uid()
|
||||
)
|
||||
)
|
||||
));
|
||||
|
||||
CREATE POLICY "Dept members and editors can delete map pins" ON map_pins FOR DELETE
|
||||
USING (EXISTS (
|
||||
SELECT 1 FROM map_layers ml
|
||||
JOIN event_departments ed ON ml.department_id = ed.id
|
||||
JOIN events e ON ed.event_id = e.id
|
||||
JOIN org_members om ON e.org_id = om.org_id
|
||||
WHERE ml.id = map_pins.layer_id
|
||||
AND om.user_id = auth.uid()
|
||||
AND (
|
||||
om.role IN ('owner', 'admin', 'editor')
|
||||
OR EXISTS (
|
||||
SELECT 1 FROM event_member_departments emd
|
||||
JOIN event_members em ON emd.event_member_id = em.id
|
||||
WHERE emd.department_id = ed.id AND em.user_id = auth.uid()
|
||||
)
|
||||
)
|
||||
));
|
||||
Reference in New Issue
Block a user