admin/acmcc
1
0
Fork 0
mirror of https://github.com/renee-png/acmcc.git synced 2026-06-21 09:50:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
04d1bdfb4911e24b3602e8e7dc5cc789aa63ae11
acmcc/supabase/migrations/20260424215131_554c6cce-0ec8-4286-a9c5-ac196001f959.sql
T
admin 183fe0a93c Add ACMCC app source, Supabase backend, and project config 
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-01 20:19:26 -04:00

91 lines
4.1 KiB
SQL
Raw Blame History

-- Vendor email mapping for inbound bill parsing
CREATE TABLE public.vendor_email_mappings (
id UUID NOT NULL DEFAULT gen_random_uuid() PRIMARY KEY,
email TEXT NOT NULL,
association_id UUID NOT NULL REFERENCES public.associations(id) ON DELETE CASCADE,
vendor_id UUID REFERENCES public.vendors(id) ON DELETE SET NULL,
vendor_name TEXT,
notes TEXT,
created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(),
updated_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(),
created_by UUID,
UNIQUE (email, association_id)
);
CREATE INDEX idx_vendor_email_mappings_email ON public.vendor_email_mappings (lower(email));
CREATE INDEX idx_vendor_email_mappings_association ON public.vendor_email_mappings (association_id);
ALTER TABLE public.vendor_email_mappings ENABLE ROW LEVEL SECURITY;
CREATE POLICY "Staff can view vendor email mappings"
ON public.vendor_email_mappings FOR SELECT TO authenticated
USING (public.has_role(auth.uid(), 'admin'::public.app_role) OR public.has_role(auth.uid(), 'manager'::public.app_role));
CREATE POLICY "Staff can manage vendor email mappings"
ON public.vendor_email_mappings FOR ALL TO authenticated
USING (public.has_role(auth.uid(), 'admin'::public.app_role) OR public.has_role(auth.uid(), 'manager'::public.app_role))
WITH CHECK (public.has_role(auth.uid(), 'admin'::public.app_role) OR public.has_role(auth.uid(), 'manager'::public.app_role));
CREATE TRIGGER update_vendor_email_mappings_updated_at
BEFORE UPDATE ON public.vendor_email_mappings
FOR EACH ROW EXECUTE FUNCTION public.update_updated_at_column();
-- Quarantine table for inbound bill emails (unknown sender or parse failure)
CREATE TABLE public.inbound_bill_emails (
id UUID NOT NULL DEFAULT gen_random_uuid() PRIMARY KEY,
from_email TEXT,
from_name TEXT,
to_email TEXT,
subject TEXT,
body_text TEXT,
attachment_url TEXT,
attachment_filename TEXT,
attachment_storage_path TEXT,
parsed_data JSONB,
status TEXT NOT NULL DEFAULT 'unassigned', -- unassigned | processed | rejected | error
error_message TEXT,
association_id UUID REFERENCES public.associations(id) ON DELETE SET NULL,
bill_id UUID REFERENCES public.bills(id) ON DELETE SET NULL,
raw_payload JSONB,
created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(),
updated_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(),
processed_at TIMESTAMP WITH TIME ZONE,
processed_by UUID
);
CREATE INDEX idx_inbound_bill_emails_status ON public.inbound_bill_emails (status, created_at DESC);
CREATE INDEX idx_inbound_bill_emails_assoc ON public.inbound_bill_emails (association_id);
ALTER TABLE public.inbound_bill_emails ENABLE ROW LEVEL SECURITY;
CREATE POLICY "Staff can view inbound bill emails"
ON public.inbound_bill_emails FOR SELECT TO authenticated
USING (public.has_role(auth.uid(), 'admin'::public.app_role) OR public.has_role(auth.uid(), 'manager'::public.app_role));
CREATE POLICY "Staff can manage inbound bill emails"
ON public.inbound_bill_emails FOR ALL TO authenticated
USING (public.has_role(auth.uid(), 'admin'::public.app_role) OR public.has_role(auth.uid(), 'manager'::public.app_role))
WITH CHECK (public.has_role(auth.uid(), 'admin'::public.app_role) OR public.has_role(auth.uid(), 'manager'::public.app_role));
CREATE TRIGGER update_inbound_bill_emails_updated_at
BEFORE UPDATE ON public.inbound_bill_emails
FOR EACH ROW EXECUTE FUNCTION public.update_updated_at_column();
-- Storage bucket for inbound email attachments (private)
INSERT INTO storage.buckets (id, name, public)
VALUES ('inbound-bill-attachments', 'inbound-bill-attachments', false)
ON CONFLICT (id) DO NOTHING;
CREATE POLICY "Staff can read inbound bill attachments"
ON storage.objects FOR SELECT TO authenticated
USING (
bucket_id = 'inbound-bill-attachments'
AND (public.has_role(auth.uid(), 'admin'::public.app_role) OR public.has_role(auth.uid(), 'manager'::public.app_role))
);
CREATE POLICY "Staff can upload inbound bill attachments"
ON storage.objects FOR INSERT TO authenticated
WITH CHECK (
bucket_id = 'inbound-bill-attachments'
AND (public.has_role(auth.uid(), 'admin'::public.app_role) OR public.has_role(auth.uid(), 'manager'::public.app_role))
);
Reference in New Issue View Git Blame Copy Permalink