-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsupabase_migration_fix_validation.sql
More file actions
77 lines (71 loc) · 2.41 KB
/
supabase_migration_fix_validation.sql
File metadata and controls
77 lines (71 loc) · 2.41 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
-- Migration: Fix Validation Workflow - Add UPDATE policies for cash_requests
-- This allows controllers and CFOs to approve/reject requests
-- Controller can update requests (approve to pending_cfo or reject)
DO $$
BEGIN
IF NOT EXISTS (
SELECT 1 FROM pg_policies
WHERE tablename = 'cash_requests' AND policyname = 'Controller can update requests'
) THEN
CREATE POLICY "Controller can update requests" ON public.cash_requests FOR UPDATE USING (
EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role = 'controller')
);
END IF;
END $$;
-- CFO can update requests (approve or reject)
DO $$
BEGIN
IF NOT EXISTS (
SELECT 1 FROM pg_policies
WHERE tablename = 'cash_requests' AND policyname = 'CFO can update requests'
) THEN
CREATE POLICY "CFO can update requests" ON public.cash_requests FOR UPDATE USING (
EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role = 'cfo')
);
END IF;
END $$;
-- Cashier can update requests (mark as disbursed)
DO $$
BEGIN
IF NOT EXISTS (
SELECT 1 FROM pg_policies
WHERE tablename = 'cash_requests' AND policyname = 'Cashier can update requests'
) THEN
CREATE POLICY "Cashier can update requests" ON public.cash_requests FOR UPDATE USING (
EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role = 'cashier')
);
END IF;
END $$;
-- Admin can update requests
DO $$
BEGIN
IF NOT EXISTS (
SELECT 1 FROM pg_policies
WHERE tablename = 'cash_requests' AND policyname = 'Admin can update requests'
) THEN
CREATE POLICY "Admin can update requests" ON public.cash_requests FOR UPDATE USING (
EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role = 'admin')
);
END IF;
END $$;
-- Cashier and Admin can insert transactions
DO $$
BEGIN
IF NOT EXISTS (
SELECT 1 FROM pg_policies
WHERE tablename = 'cash_transactions' AND policyname = 'Cashier can insert transactions'
) THEN
CREATE POLICY "Cashier can insert transactions" ON public.cash_transactions FOR INSERT WITH CHECK (
EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role IN ('cashier', 'admin'))
);
END IF;
END $$;
-- Verify policies were created
SELECT
tablename,
policyname,
cmd
FROM pg_policies
WHERE tablename IN ('cash_requests', 'cash_transactions')
AND cmd = 'UPDATE' OR (tablename = 'cash_transactions' AND cmd = 'INSERT')
ORDER BY tablename, policyname;