Dennis
14a32bdc0d
- Unified monorepo with backend (Express), frontend (Next.js), and devops - Backend: ESLint, Prettier, Jest tests (3 passing), health endpoint, .env.example - Frontend: Fixed build errors, fixed all lint errors (0 remaining), tests passing - DevOps: Docker Compose with PostgreSQL, backend, frontend + healthchecks - CI/CD: 3 GitHub Actions workflows (backend, frontend, docker integration) - DX: Husky pre-commit hooks with smart change detection - Docs: Root README with architecture, CONTRIBUTING.md, PR template Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
61 lines
2.7 KiB
SQL
61 lines
2.7 KiB
SQL
-- Comprehensive fix for user RLS policies
|
|
-- Drop ALL existing policies and recreate them correctly
|
|
|
|
-- First, disable RLS temporarily to clear all policies
|
|
ALTER TABLE "public"."users" DISABLE ROW LEVEL SECURITY;
|
|
|
|
-- Re-enable RLS
|
|
ALTER TABLE "public"."users" ENABLE ROW LEVEL SECURITY;
|
|
|
|
-- Drop ALL existing policies (if they exist)
|
|
DROP POLICY IF EXISTS "Allow user insert for anon" ON "public"."users";
|
|
DROP POLICY IF EXISTS "Allow user insert for authenticated" ON "public"."users";
|
|
DROP POLICY IF EXISTS "Allow user insert for authenticator" ON "public"."users";
|
|
DROP POLICY IF EXISTS "Allow user insert for dashboard_user" ON "public"."users";
|
|
DROP POLICY IF EXISTS "Allow user profile creation during registration" ON "public"."users";
|
|
DROP POLICY IF EXISTS "Allow authenticated user profile creation" ON "public"."users";
|
|
DROP POLICY IF EXISTS "Allow user profile creation for service role" ON "public"."users";
|
|
DROP POLICY IF EXISTS "Users can view their own profile" ON "public"."users";
|
|
DROP POLICY IF EXISTS "Users can update their own profile" ON "public"."users";
|
|
DROP POLICY IF EXISTS "Users can view profiles in their organization" ON "public"."users";
|
|
|
|
-- Create comprehensive policies for all scenarios
|
|
-- 1. Allow anonymous users to create profiles during registration
|
|
CREATE POLICY "Allow user profile creation during registration" ON "public"."users"
|
|
FOR INSERT TO "anon" WITH CHECK (true);
|
|
|
|
-- 2. Allow authenticated users to create their own profile
|
|
CREATE POLICY "Allow authenticated user profile creation" ON "public"."users"
|
|
FOR INSERT TO "authenticated" WITH CHECK (auth.uid() = id);
|
|
|
|
-- 3. Allow service role to create user profiles
|
|
CREATE POLICY "Allow user profile creation for service role" ON "public"."users"
|
|
FOR INSERT TO "service_role" WITH CHECK (true);
|
|
|
|
-- 4. Allow users to view their own profile
|
|
CREATE POLICY "Users can view their own profile" ON "public"."users"
|
|
FOR SELECT TO "authenticated" USING (auth.uid() = id);
|
|
|
|
-- 5. Allow users to view profiles in their organization
|
|
CREATE POLICY "Users can view profiles in their organization" ON "public"."users"
|
|
FOR SELECT TO "authenticated" USING (
|
|
organization_id IN (
|
|
SELECT organization_id FROM "public"."users" WHERE id = auth.uid()
|
|
)
|
|
);
|
|
|
|
-- 6. Allow users to update their own profile
|
|
CREATE POLICY "Users can update their own profile" ON "public"."users"
|
|
FOR UPDATE TO "authenticated" USING (auth.uid() = id);
|
|
|
|
-- 7. Allow service role to view all users
|
|
CREATE POLICY "Service role can view all users" ON "public"."users"
|
|
FOR SELECT TO "service_role" USING (true);
|
|
|
|
-- 8. Allow service role to update all users
|
|
CREATE POLICY "Service role can update all users" ON "public"."users"
|
|
FOR UPDATE TO "service_role" USING (true);
|
|
|
|
-- Refresh schema cache
|
|
NOTIFY pgrst, 'reload schema';
|