mirror of
https://github.com/renee-png/acmcc.git
synced 2026-06-21 01:40:01 +00:00
admin
a3a0b706a1
Add a "Allow document & bid/quote uploads" toggle on board member profiles (board_members.can_upload). When enabled, that board member can upload association documents and create/manage bids & quotes for their association(s); otherwise the board portal stays read-only for them. - Migration (prod): board_members.can_upload column; tighten the documents insert + storage 'files' upload policies to require can_upload; add a bids_quotes board policy gated on can_upload. - BoardMembersPage: permission switch (load/save). - BoardAssociationContext: expose canUpload for the selected association. - DocumentsPage: board upload gated by the flag (was always-on for board). - BidsQuotesPage: permitted board members can add/manage bids (was hidden); board inserts target the board's association. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
43 lines
1.5 KiB
SQL
43 lines
1.5 KiB
SQL
-- Per-board-member "can upload" permission. When enabled, that board member may
|
|
-- upload association documents (files bucket + documents table) and create/manage
|
|
-- bids & quotes for their association(s). Default off.
|
|
|
|
alter table public.board_members
|
|
add column if not exists can_upload boolean not null default false;
|
|
|
|
-- Documents: tighten the existing board insert policy to require the flag.
|
|
alter policy "Board members can insert association documents" on public.documents
|
|
with check (
|
|
association_id in (
|
|
select bm.association_id from public.board_members bm
|
|
where bm.user_id = auth.uid() and bm.can_upload
|
|
)
|
|
);
|
|
|
|
-- Storage (files bucket): same gate on the board upload policy.
|
|
alter policy "Board members can upload association files" on storage.objects
|
|
with check (
|
|
bucket_id = 'files'
|
|
and ((storage.foldername(name))[1])::uuid in (
|
|
select bm.association_id from public.board_members bm
|
|
where bm.user_id = auth.uid() and bm.can_upload
|
|
)
|
|
);
|
|
|
|
-- Bids & Quotes: allow permitted board members to manage their association's bids.
|
|
drop policy if exists "Board members manage association bids" on public.bids_quotes;
|
|
create policy "Board members manage association bids" on public.bids_quotes
|
|
for all
|
|
using (
|
|
association_id in (
|
|
select bm.association_id from public.board_members bm
|
|
where bm.user_id = auth.uid() and bm.can_upload
|
|
)
|
|
)
|
|
with check (
|
|
association_id in (
|
|
select bm.association_id from public.board_members bm
|
|
where bm.user_id = auth.uid() and bm.can_upload
|
|
)
|
|
);
|