admin/acmcc
1
0
Fork 0
mirror of https://github.com/renee-png/acmcc.git synced 2026-06-21 01:40:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
acmcc/supabase/migrations/20260607230000_rv_renter_insurance_requests.sql
T
admin 308af20aa1 RV/Boat Lots: request renter insurance (vendor-style flow) 
Phase 4. Mirror the vendor insurance request flow for RV/boat renters:
- Migration: insurance fields on rv_boat_lot_rentals + rv_renter_insurance_requests
  table + token-scoped lookup/submit SECURITY DEFINER RPCs (granted to anon).
- Edge fn send-rv-renter-insurance-request emails the renter a secure link
  (reuses the vendor-insurance-request email template).
- Public page /rv-insurance/:token to submit carrier/policy/expiration + COI upload.
- "Request Insurance" button on each active rental + insurance status display.

DB RPCs verified end-to-end (rolled-back txn): submit matches token, updates the
rental, marks the request submitted. Edge function deployed.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-07 20:16:31 -04:00

82 lines
3.4 KiB
PL/PgSQL
Raw Permalink Blame History

-- RV/Boat renter insurance: mirror of the vendor insurance request flow.
-- Adds insurance fields to rentals, a token-based request table, and the
-- public lookup/submit RPCs used by the renter-facing submission page.
alter table public.rv_boat_lot_rentals
add column if not exists insurance_carrier text,
add column if not exists insurance_policy_number text,
add column if not exists insurance_expiration_date date,
add column if not exists insurance_document_url text;
create table if not exists public.rv_renter_insurance_requests (
id uuid primary key default gen_random_uuid(),
rental_id uuid not null references public.rv_boat_lot_rentals(id) on delete cascade,
token text not null default encode(gen_random_bytes(24), 'hex'),
sent_to_email text,
sent_at timestamptz default now(),
submitted_at timestamptz,
expires_at timestamptz default (now() + interval '30 days'),
created_by uuid,
created_at timestamptz default now()
);
create index if not exists idx_rv_renter_ins_req_token on public.rv_renter_insurance_requests(token);
create index if not exists idx_rv_renter_ins_req_rental on public.rv_renter_insurance_requests(rental_id);
alter table public.rv_renter_insurance_requests enable row level security;
drop policy if exists "Staff manage rv renter insurance requests" on public.rv_renter_insurance_requests;
create policy "Staff manage rv renter insurance requests"
on public.rv_renter_insurance_requests for all
to authenticated
using (has_role(auth.uid(), 'admin'::app_role) or has_role(auth.uid(), 'manager'::app_role) or has_role(auth.uid(), 'association_management'::app_role))
with check (has_role(auth.uid(), 'admin'::app_role) or has_role(auth.uid(), 'manager'::app_role) or has_role(auth.uid(), 'association_management'::app_role));
-- Public, token-scoped lookup (no direct table access needed by the renter).
create or replace function public.lookup_rv_renter_insurance_request(p_token text)
returns table(request_id uuid, rental_id uuid, renter_name text, expires_at timestamptz, submitted_at timestamptz)
language sql stable security definer set search_path to 'public'
as $$
select r.id, rn.id, rn.renter_name, r.expires_at, r.submitted_at
from public.rv_renter_insurance_requests r
join public.rv_boat_lot_rentals rn on rn.id = r.rental_id
where r.token = p_token
limit 1;
$$;
create or replace function public.submit_rv_renter_insurance(
p_token text,
p_carrier text,
p_policy_number text,
p_expiration_date date,
p_document_url text default null
) returns boolean
language plpgsql security definer set search_path to 'public'
as $$
declare
v_request record;
begin
select * into v_request from public.rv_renter_insurance_requests
where token = p_token and expires_at > now() and submitted_at is null
limit 1;
if v_request is null then
return false;
end if;
update public.rv_boat_lot_rentals
set insurance_carrier = p_carrier,
insurance_policy_number = p_policy_number,
insurance_expiration_date = p_expiration_date,
insurance_document_url = coalesce(p_document_url, insurance_document_url),
updated_at = now()
where id = v_request.rental_id;
update public.rv_renter_insurance_requests set submitted_at = now() where id = v_request.id;
return true;
end;
$$;
grant execute on function public.lookup_rv_renter_insurance_request(text) to anon, authenticated;
grant execute on function public.submit_rv_renter_insurance(text, text, text, date, text) to anon, authenticated;
Reference in New Issue View Git Blame Copy Permalink