admin/acmcc
1
0
Fork 0
mirror of https://github.com/renee-png/acmcc.git synced 2026-06-21 01:40:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f063d05ae0b5216f21adcd119859af44fcf9490a
acmcc/supabase/migrations/20260411180116_aed3deea-c0c1-4769-a358-21c7f6b039a6.sql
T
admin 183fe0a93c Add ACMCC app source, Supabase backend, and project config 
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-01 20:19:26 -04:00

46 lines
1.5 KiB
SQL
Raw Blame History

-- 1. Fix forte_account_mappings: replace blanket SELECT with association-scoped
DROP POLICY IF EXISTS "Authenticated users can view forte mappings" ON public.forte_account_mappings;
CREATE POLICY "Users can view own association forte mappings"
ON public.forte_account_mappings
FOR SELECT TO authenticated
USING (
is_active = true
AND (
has_role(auth.uid(), 'admin'::app_role)
OR has_role(auth.uid(), 'manager'::app_role)
OR association_id IN (SELECT get_user_association_ids())
)
);
-- 2. Fix election_ballots: replace blanket anon SELECT with token-scoped
DROP POLICY IF EXISTS "Anon can select own ballots" ON public.election_ballots;
CREATE POLICY "Anon can select ballots by vote_token"
ON public.election_ballots
FOR SELECT TO anon
USING (
vote_token IN (
SELECT ev.vote_token FROM public.election_eligible_voters ev
WHERE ev.vote_token = election_ballots.vote_token
)
);
CREATE POLICY "Authenticated users can select own ballots"
ON public.election_ballots
FOR SELECT TO authenticated
USING (
vote_token IN (
SELECT ev.vote_token FROM public.election_eligible_voters ev
WHERE ev.owner_id IN (
SELECT o.id FROM public.owners o WHERE o.user_id = auth.uid()
)
)
OR has_role(auth.uid(), 'admin'::app_role)
OR has_role(auth.uid(), 'manager'::app_role)
);
-- 3. Fix arc_applications: drop blanket SELECT (scoped policies already exist)
DROP POLICY IF EXISTS "Authenticated users can view arc_applications" ON public.arc_applications;
Reference in New Issue View Git Blame Copy Permalink