admin/acmcc
1
0
Fork 0
mirror of https://github.com/renee-png/acmcc.git synced 2026-06-21 09:50:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

Board-member upload permission for documents & bids/quotes

Browse Source 
Add a "Allow document & bid/quote uploads" toggle on board member profiles
(board_members.can_upload). When enabled, that board member can upload
association documents and create/manage bids & quotes for their association(s);
otherwise the board portal stays read-only for them.

- Migration (prod): board_members.can_upload column; tighten the documents
  insert + storage 'files' upload policies to require can_upload; add a
  bids_quotes board policy gated on can_upload.
- BoardMembersPage: permission switch (load/save).
- BoardAssociationContext: expose canUpload for the selected association.
- DocumentsPage: board upload gated by the flag (was always-on for board).
- BidsQuotesPage: permitted board members can add/manage bids (was hidden);
  board inserts target the board's association.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
renee-png
2026-06-01 23:33:09 -04:00
parent 2fd311c8a2
commit a3a0b706a1
7 changed files with 105 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files
supabase/migrations/20260601170000_board_member_upload_permission.sql
+42
View File
@@ -0,0 +1,42 @@
-- Per-board-member "can upload" permission. When enabled, that board member may
-- upload association documents (files bucket + documents table) and create/manage
-- bids & quotes for their association(s). Default off.
alter table public.board_members
add column if not exists can_upload boolean not null default false;
-- Documents: tighten the existing board insert policy to require the flag.
alter policy "Board members can insert association documents" on public.documents
with check (
association_id in (
select bm.association_id from public.board_members bm
where bm.user_id = auth.uid() and bm.can_upload
)
);
-- Storage (files bucket): same gate on the board upload policy.
alter policy "Board members can upload association files" on storage.objects
with check (
bucket_id = 'files'
and ((storage.foldername(name))[1])::uuid in (
select bm.association_id from public.board_members bm
where bm.user_id = auth.uid() and bm.can_upload
)
);
-- Bids & Quotes: allow permitted board members to manage their association's bids.
drop policy if exists "Board members manage association bids" on public.bids_quotes;
create policy "Board members manage association bids" on public.bids_quotes
for all
using (
association_id in (
select bm.association_id from public.board_members bm
where bm.user_id = auth.uid() and bm.can_upload
)
)
with check (
association_id in (
select bm.association_id from public.board_members bm
where bm.user_id = auth.uid() and bm.can_upload
)
);