sass/root-org
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
2a28d88849bc88de38c9cc6374dffea21ab478a7
root-org/supabase/migrations/047_fix_map_rls.sql

149 lines
5.2 KiB
SQL
Raw Blame History

-- ============================================================
-- Fix Map Layers & Pins RLS: replace FOR ALL with explicit
-- INSERT/UPDATE/DELETE policies that include WITH CHECK clauses
-- ============================================================
-- Drop the broken FOR ALL policies
DROP POLICY IF EXISTS "Dept members and editors can manage map layers" ON map_layers;
DROP POLICY IF EXISTS "Dept members and editors can manage map pins" ON map_pins;
-- ── Map Layers ──
CREATE POLICY "Dept members and editors can insert map layers" ON map_layers FOR INSERT
WITH CHECK (EXISTS (
SELECT 1 FROM event_departments ed
JOIN events e ON ed.event_id = e.id
JOIN org_members om ON e.org_id = om.org_id
WHERE ed.id = map_layers.department_id
AND om.user_id = auth.uid()
AND (
om.role IN ('owner', 'admin', 'editor')
OR EXISTS (
SELECT 1 FROM event_member_departments emd
JOIN event_members em ON emd.event_member_id = em.id
WHERE emd.department_id = ed.id AND em.user_id = auth.uid()
)
)
));
CREATE POLICY "Dept members and editors can update map layers" ON map_layers FOR UPDATE
USING (EXISTS (
SELECT 1 FROM event_departments ed
JOIN events e ON ed.event_id = e.id
JOIN org_members om ON e.org_id = om.org_id
WHERE ed.id = map_layers.department_id
AND om.user_id = auth.uid()
AND (
om.role IN ('owner', 'admin', 'editor')
OR EXISTS (
SELECT 1 FROM event_member_departments emd
JOIN event_members em ON emd.event_member_id = em.id
WHERE emd.department_id = ed.id AND em.user_id = auth.uid()
)
)
))
WITH CHECK (EXISTS (
SELECT 1 FROM event_departments ed
JOIN events e ON ed.event_id = e.id
JOIN org_members om ON e.org_id = om.org_id
WHERE ed.id = map_layers.department_id
AND om.user_id = auth.uid()
AND (
om.role IN ('owner', 'admin', 'editor')
OR EXISTS (
SELECT 1 FROM event_member_departments emd
JOIN event_members em ON emd.event_member_id = em.id
WHERE emd.department_id = ed.id AND em.user_id = auth.uid()
)
)
));
CREATE POLICY "Dept members and editors can delete map layers" ON map_layers FOR DELETE
USING (EXISTS (
SELECT 1 FROM event_departments ed
JOIN events e ON ed.event_id = e.id
JOIN org_members om ON e.org_id = om.org_id
WHERE ed.id = map_layers.department_id
AND om.user_id = auth.uid()
AND (
om.role IN ('owner', 'admin', 'editor')
OR EXISTS (
SELECT 1 FROM event_member_departments emd
JOIN event_members em ON emd.event_member_id = em.id
WHERE emd.department_id = ed.id AND em.user_id = auth.uid()
)
)
));
-- ── Map Pins ──
CREATE POLICY "Dept members and editors can insert map pins" ON map_pins FOR INSERT
WITH CHECK (EXISTS (
SELECT 1 FROM map_layers ml
JOIN event_departments ed ON ml.department_id = ed.id
JOIN events e ON ed.event_id = e.id
JOIN org_members om ON e.org_id = om.org_id
WHERE ml.id = map_pins.layer_id
AND om.user_id = auth.uid()
AND (
om.role IN ('owner', 'admin', 'editor')
OR EXISTS (
SELECT 1 FROM event_member_departments emd
JOIN event_members em ON emd.event_member_id = em.id
WHERE emd.department_id = ed.id AND em.user_id = auth.uid()
)
)
));
CREATE POLICY "Dept members and editors can update map pins" ON map_pins FOR UPDATE
USING (EXISTS (
SELECT 1 FROM map_layers ml
JOIN event_departments ed ON ml.department_id = ed.id
JOIN events e ON ed.event_id = e.id
JOIN org_members om ON e.org_id = om.org_id
WHERE ml.id = map_pins.layer_id
AND om.user_id = auth.uid()
AND (
om.role IN ('owner', 'admin', 'editor')
OR EXISTS (
SELECT 1 FROM event_member_departments emd
JOIN event_members em ON emd.event_member_id = em.id
WHERE emd.department_id = ed.id AND em.user_id = auth.uid()
)
)
))
WITH CHECK (EXISTS (
SELECT 1 FROM map_layers ml
JOIN event_departments ed ON ml.department_id = ed.id
JOIN events e ON ed.event_id = e.id
JOIN org_members om ON e.org_id = om.org_id
WHERE ml.id = map_pins.layer_id
AND om.user_id = auth.uid()
AND (
om.role IN ('owner', 'admin', 'editor')
OR EXISTS (
SELECT 1 FROM event_member_departments emd
JOIN event_members em ON emd.event_member_id = em.id
WHERE emd.department_id = ed.id AND em.user_id = auth.uid()
)
)
));
CREATE POLICY "Dept members and editors can delete map pins" ON map_pins FOR DELETE
USING (EXISTS (
SELECT 1 FROM map_layers ml
JOIN event_departments ed ON ml.department_id = ed.id
JOIN events e ON ed.event_id = e.id
JOIN org_members om ON e.org_id = om.org_id
WHERE ml.id = map_pins.layer_id
AND om.user_id = auth.uid()
AND (
om.role IN ('owner', 'admin', 'editor')
OR EXISTS (
SELECT 1 FROM event_member_departments emd
JOIN event_members em ON emd.event_member_id = em.id
WHERE emd.department_id = ed.id AND em.user_id = auth.uid()
)
)
));
Reference in New Issue View Git Blame Copy Permalink