admin/acmcc
1
0
Fork 0
mirror of https://github.com/renee-png/acmcc.git synced 2026-06-21 09:50:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
c670ca7e0e3a97abafc9bc414d0118369d89f594
acmcc/supabase/migrations/20260323015555_6d7e3e22-986c-49e6-a47f-e0b8bc0417f5.sql
T
admin 183fe0a93c Add ACMCC app source, Supabase backend, and project config 
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-01 20:19:26 -04:00

92 lines
3.0 KiB
SQL
Raw Blame History

-- Store Google Drive OAuth tokens for admin users
CREATE TABLE public.google_drive_tokens (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
user_id UUID REFERENCES auth.users(id) ON DELETE CASCADE NOT NULL UNIQUE,
access_token TEXT NOT NULL,
refresh_token TEXT NOT NULL,
token_expires_at TIMESTAMPTZ NOT NULL,
created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
updated_at TIMESTAMPTZ NOT NULL DEFAULT now()
);
ALTER TABLE public.google_drive_tokens ENABLE ROW LEVEL SECURITY;
CREATE POLICY "Admins can manage their own tokens"
ON public.google_drive_tokens
FOR ALL
TO authenticated
USING (
user_id = auth.uid()
AND (public.has_role(auth.uid(), 'admin') OR public.has_role(auth.uid(), 'manager'))
)
WITH CHECK (
user_id = auth.uid()
AND (public.has_role(auth.uid(), 'admin') OR public.has_role(auth.uid(), 'manager'))
);
-- Track which Drive files/folders are shared and with whom
CREATE TABLE public.shared_drive_files (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
drive_file_id TEXT NOT NULL,
drive_file_name TEXT NOT NULL,
drive_mime_type TEXT,
drive_icon_link TEXT,
drive_web_view_link TEXT,
is_folder BOOLEAN NOT NULL DEFAULT false,
shared_by UUID REFERENCES auth.users(id) ON DELETE SET NULL,
association_ids UUID[] DEFAULT '{}',
visibility TEXT[] NOT NULL DEFAULT '{admin}',
parent_shared_id UUID REFERENCES public.shared_drive_files(id) ON DELETE CASCADE,
created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
updated_at TIMESTAMPTZ NOT NULL DEFAULT now()
);
ALTER TABLE public.shared_drive_files ENABLE ROW LEVEL SECURITY;
-- Staff can manage shared files
CREATE POLICY "Staff can manage shared drive files"
ON public.shared_drive_files
FOR ALL
TO authenticated
USING (
public.has_role(auth.uid(), 'admin') OR public.has_role(auth.uid(), 'manager')
)
WITH CHECK (
public.has_role(auth.uid(), 'admin') OR public.has_role(auth.uid(), 'manager')
);
-- Board members and homeowners can view files shared with them
CREATE POLICY "Users can view files shared with their role or association"
ON public.shared_drive_files
FOR SELECT
TO authenticated
USING (
public.has_role(auth.uid(), 'admin')
OR public.has_role(auth.uid(), 'manager')
OR (
'board_member' = ANY(visibility)
AND EXISTS (
SELECT 1 FROM public.board_members bm
WHERE bm.user_id = auth.uid()
AND bm.association_id = ANY(shared_drive_files.association_ids)
)
)
OR (
'homeowner' = ANY(visibility)
AND EXISTS (
SELECT 1 FROM public.owners o
WHERE o.user_id = auth.uid()
AND o.association_id = ANY(shared_drive_files.association_ids)
)
)
);
CREATE TRIGGER update_google_drive_tokens_updated_at
BEFORE UPDATE ON public.google_drive_tokens
FOR EACH ROW EXECUTE FUNCTION public.update_updated_at_column();
CREATE TRIGGER update_shared_drive_files_updated_at
BEFORE UPDATE ON public.shared_drive_files
FOR EACH ROW EXECUTE FUNCTION public.update_updated_at_column();
Reference in New Issue View Git Blame Copy Permalink