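-- Fix SELECT: staff (admin / manager / employee) see every *active*
-- announcement; everyone else sees only the active announcements of the
-- associations returned by public.get_user_association_ids().
--
-- Each role check is wrapped in a scalar subquery so Postgres evaluates it once
-- per statement (as an initPlan) instead of once per candidate row. The result
-- is identical: none of the checks depend on row columns.
--
-- NOTE(review): the `status = 'active'` guard applies to staff too, so any
-- non-active rows (drafts/archived, if such statuses exist) are invisible even
-- to admins under this policy. Since UPDATE/DELETE statements whose WHERE
-- references existing columns are additionally filtered by SELECT policies,
-- staff would then be unable to update or delete those rows — confirm intended.
-- Rows with a NULL association_id are never visible to non-staff (IN yields
-- NULL, which the policy treats as false).
-- Assumes row level security is already enabled on public.announcements by an
-- earlier migration; without it these policies are not enforced.
DROP POLICY IF EXISTS "Authenticated users can read active announcements" ON public.announcements;

CREATE POLICY "Authenticated users can read scoped announcements" ON public.announcements
FOR SELECT TO authenticated
USING (
    status = 'active' AND (
        (SELECT public.has_role(auth.uid(), 'admin')) OR
        (SELECT public.has_role(auth.uid(), 'manager')) OR
        (SELECT public.has_role(auth.uid(), 'employee')) OR
        association_id IN (SELECT public.get_user_association_ids())
    )
);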
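-- Fix UPDATE: restrict to staff, meaning admin or manager only. Note that
-- 'employee' is NOT included here although employees can read all active
-- announcements under the SELECT policy — confirm this asymmetry is intended.
DROP POLICY IF EXISTS "Authors can update their announcements" ON public.announcements;

-- USING decides which existing rows may be targeted; WITH CHECK validates the
-- row as it will look after the update. Postgres reuses USING as the WITH CHECK
-- when the latter is omitted, but spelling it out keeps the write-side rule
-- visible and stable if USING later gains row-specific conditions.
-- Both expressions are pure role checks, so staff may set any column value
-- (including association_id and status). The scalar-subquery wrappers let
-- Postgres evaluate each role check once per statement rather than per row.
CREATE POLICY "Staff can update announcements" ON public.announcements
FOR UPDATE TO authenticated
USING (
    (SELECT public.has_role(auth.uid(), 'admin')) OR
    (SELECT public.has_role(auth.uid(), 'manager'))
)
WITH CHECK (
    (SELECT public.has_role(auth.uid(), 'admin')) OR
    (SELECT public.has_role(auth.uid(), 'manager'))
);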
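-- Fix DELETE: restrict to staff, meaning admin or manager only ('employee' is
-- intentionally excluded, matching the UPDATE policy).
-- The scalar-subquery wrappers make Postgres evaluate each role check once per
-- statement instead of once per row; the outcome is unchanged because neither
-- check depends on the row being deleted.
-- NOTE(review): a DELETE whose WHERE references existing columns is also
-- filtered by the SELECT policy, so only rows visible there can be deleted.
DROP POLICY IF EXISTS "Authors can delete their announcements" ON public.announcements;

CREATE POLICY "Staff can delete announcements" ON public.announcements
FOR DELETE TO authenticated
USING (
    (SELECT public.has_role(auth.uid(), 'admin')) OR
    (SELECT public.has_role(auth.uid(), 'manager'))
);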