admin/acmcc
1
0
Fork 0
mirror of https://github.com/renee-png/acmcc.git synced 2026-06-21 09:50:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
36787b193dfde471c28b5f2a09bf847973a863f4
acmcc/supabase/migrations/20260317183951_57d87c16-46fe-462f-ad0c-fb8cef66e100.sql
T
admin 183fe0a93c Add ACMCC app source, Supabase backend, and project config 
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-01 20:19:26 -04:00

65 lines
2.8 KiB
SQL
Raw Blame History

-- 1. Create public_form_submission_reports table
CREATE TABLE public.public_form_submission_reports (
id UUID NOT NULL DEFAULT gen_random_uuid() PRIMARY KEY,
submission_id UUID NOT NULL REFERENCES public.public_form_submissions(id) ON DELETE CASCADE,
template_id UUID NOT NULL REFERENCES public.public_form_templates(id) ON DELETE CASCADE,
association_id UUID NOT NULL REFERENCES public.associations(id) ON DELETE CASCADE,
report_data JSONB,
status TEXT NOT NULL DEFAULT 'generated',
generated_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(),
created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(),
updated_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now()
);
-- Enable RLS
ALTER TABLE public.public_form_submission_reports ENABLE ROW LEVEL SECURITY;
-- Staff can manage reports
CREATE POLICY "Staff can manage submission reports"
ON public.public_form_submission_reports
FOR ALL
TO authenticated
USING (has_role(auth.uid(), 'admin') OR has_role(auth.uid(), 'manager'))
WITH CHECK (has_role(auth.uid(), 'admin') OR has_role(auth.uid(), 'manager'));
-- 2. Add report_styling column to public_form_templates if missing
ALTER TABLE public.public_form_templates ADD COLUMN IF NOT EXISTS report_styling JSONB;
-- 3. Fix shared_links: ensure share_token has a default so INSERT works
ALTER TABLE public.shared_links ALTER COLUMN share_token SET DEFAULT encode(gen_random_bytes(16), 'hex');
-- 4. Fix the documents anon policy - it's too permissive (allows reading ALL documents)
-- Replace with a scoped policy that only allows reading documents referenced by a public shared link
DROP POLICY IF EXISTS "Anon can read documents via shared links" ON public.documents;
CREATE POLICY "Anon can read documents via shared links"
ON public.documents
FOR SELECT
TO anon
USING (
id IN (
SELECT sl.document_id FROM public.shared_links sl WHERE sl.is_public = true AND sl.document_id IS NOT NULL
)
OR
category IN (
SELECT sl.folder_name FROM public.shared_links sl WHERE sl.is_public = true AND sl.share_type = 'folder'
)
);
-- 5. Add employee/staff roles to shared_links policy so non-admin staff can create share links
DROP POLICY IF EXISTS "Staff full access on shared_links" ON public.shared_links;
CREATE POLICY "Staff full access on shared_links"
ON public.shared_links
FOR ALL
TO authenticated
USING (has_role(auth.uid(), 'admin') OR has_role(auth.uid(), 'manager') OR has_role(auth.uid(), 'employee') OR has_role(auth.uid(), 'staff'))
WITH CHECK (has_role(auth.uid(), 'admin') OR has_role(auth.uid(), 'manager') OR has_role(auth.uid(), 'employee') OR has_role(auth.uid(), 'staff'));
-- Trigger for updated_at
CREATE TRIGGER update_public_form_submission_reports_updated_at
BEFORE UPDATE ON public.public_form_submission_reports
FOR EACH ROW
EXECUTE FUNCTION public.update_updated_at_column();
Reference in New Issue View Git Blame Copy Permalink