mirror of
https://github.com/renee-png/acmcc.git
synced 2026-06-21 09:50:01 +00:00
89 lines
3.2 KiB
PL/PgSQL
89 lines
3.2 KiB
PL/PgSQL
|
|
-- Add insurance fields to vendors
|
|
ALTER TABLE public.vendors
|
|
ADD COLUMN IF NOT EXISTS insurance_carrier TEXT,
|
|
ADD COLUMN IF NOT EXISTS insurance_policy_number TEXT,
|
|
ADD COLUMN IF NOT EXISTS insurance_expiration_date DATE,
|
|
ADD COLUMN IF NOT EXISTS insurance_document_url TEXT;
|
|
|
|
-- Token table for public submission links
|
|
CREATE TABLE IF NOT EXISTS public.vendor_insurance_requests (
|
|
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
|
|
vendor_id UUID NOT NULL REFERENCES public.vendors(id) ON DELETE CASCADE,
|
|
token TEXT NOT NULL UNIQUE DEFAULT encode(gen_random_bytes(24), 'hex'),
|
|
sent_to_email TEXT,
|
|
sent_at TIMESTAMPTZ NOT NULL DEFAULT now(),
|
|
submitted_at TIMESTAMPTZ,
|
|
expires_at TIMESTAMPTZ NOT NULL DEFAULT (now() + interval '30 days'),
|
|
created_by UUID,
|
|
created_at TIMESTAMPTZ NOT NULL DEFAULT now()
|
|
);
|
|
|
|
CREATE INDEX IF NOT EXISTS idx_vendor_insurance_requests_token ON public.vendor_insurance_requests(token);
|
|
CREATE INDEX IF NOT EXISTS idx_vendor_insurance_requests_vendor ON public.vendor_insurance_requests(vendor_id);
|
|
|
|
ALTER TABLE public.vendor_insurance_requests ENABLE ROW LEVEL SECURITY;
|
|
|
|
CREATE POLICY "Staff manage vendor insurance requests"
|
|
ON public.vendor_insurance_requests FOR ALL
|
|
TO authenticated
|
|
USING (public.has_role(auth.uid(), 'admin'::public.app_role) OR public.has_role(auth.uid(), 'manager'::public.app_role))
|
|
WITH CHECK (public.has_role(auth.uid(), 'admin'::public.app_role) OR public.has_role(auth.uid(), 'manager'::public.app_role));
|
|
|
|
-- Public lookup (anonymous) by token to validate the link
|
|
CREATE OR REPLACE FUNCTION public.lookup_vendor_insurance_request(p_token TEXT)
|
|
RETURNS TABLE(
|
|
request_id UUID, vendor_id UUID, vendor_name TEXT, vendor_email TEXT,
|
|
expires_at TIMESTAMPTZ, submitted_at TIMESTAMPTZ
|
|
)
|
|
LANGUAGE sql STABLE SECURITY DEFINER SET search_path = public
|
|
AS $$
|
|
SELECT r.id, v.id, v.name, v.email, r.expires_at, r.submitted_at
|
|
FROM public.vendor_insurance_requests r
|
|
JOIN public.vendors v ON v.id = r.vendor_id
|
|
WHERE r.token = p_token
|
|
LIMIT 1;
|
|
$$;
|
|
|
|
GRANT EXECUTE ON FUNCTION public.lookup_vendor_insurance_request(TEXT) TO anon, authenticated;
|
|
|
|
-- Public submit: updates vendor + marks request submitted
|
|
CREATE OR REPLACE FUNCTION public.submit_vendor_insurance(
|
|
p_token TEXT,
|
|
p_carrier TEXT,
|
|
p_policy_number TEXT,
|
|
p_expiration_date DATE,
|
|
p_document_url TEXT DEFAULT NULL
|
|
)
|
|
RETURNS BOOLEAN
|
|
LANGUAGE plpgsql SECURITY DEFINER SET search_path = public
|
|
AS $$
|
|
DECLARE
|
|
v_request RECORD;
|
|
BEGIN
|
|
SELECT * INTO v_request FROM public.vendor_insurance_requests
|
|
WHERE token = p_token AND expires_at > now() AND submitted_at IS NULL
|
|
LIMIT 1;
|
|
|
|
IF v_request IS NULL THEN
|
|
RETURN FALSE;
|
|
END IF;
|
|
|
|
UPDATE public.vendors
|
|
SET insurance_carrier = p_carrier,
|
|
insurance_policy_number = p_policy_number,
|
|
insurance_expiration_date = p_expiration_date,
|
|
insurance_document_url = COALESCE(p_document_url, insurance_document_url),
|
|
updated_at = now()
|
|
WHERE id = v_request.vendor_id;
|
|
|
|
UPDATE public.vendor_insurance_requests
|
|
SET submitted_at = now()
|
|
WHERE id = v_request.id;
|
|
|
|
RETURN TRUE;
|
|
END;
|
|
$$;
|
|
|
|
GRANT EXECUTE ON FUNCTION public.submit_vendor_insurance(TEXT, TEXT, TEXT, DATE, TEXT) TO anon, authenticated;
|