Status updates: add "hidden from board" flag

Lets management post internal status updates that don't appear in the board portal. Adds status_updates.hidden_from_board and re-creates the association-scoped RLS SELECT policy so board members can't read hidden rows (staff still see all). Dialog gains a "Hide from board" toggle, the board view filters hidden updates, and management cards show a badge. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-21 01:40:01 +00:00 · 2026-06-16 20:28:09 -04:00
parent 03cd7127a2
commit a866160482
5 changed files with 54 additions and 5 deletions
@@ -0,0 +1,19 @@
+-- Allow management to post status updates that are hidden from the board portal.
+alter table public.status_updates
+  add column if not exists hidden_from_board boolean not null default false;
+
+-- Board members can only read status_updates via association membership. Re-create
+-- that SELECT policy so association-only readers (board members) do NOT see updates
+-- flagged hidden_from_board. Staff roles (admin/manager/employee) and admins still
+-- see everything (the separate "Admins can view all status_updates" policy is unchanged).
+drop policy if exists "Authenticated users can read status updates for their associati" on public.status_updates;
+create policy "Authenticated users can read status updates for their associati"
+on public.status_updates
+for select
+to authenticated
+using (
+  ((association_id in (select get_user_association_ids())) and hidden_from_board = false)
+  or has_role(auth.uid(), 'admin'::app_role)
+  or has_role(auth.uid(), 'manager'::app_role)
+  or has_role(auth.uid(), 'employee'::app_role)
+);