pettycashcaisse/supabase_migration_settings_and_proof.sql at main · archeveck/pettycashcaisse · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
-- Migration: Add Settings Management and Proof Tracking Features
-- This script adds only the new RLS policies and storage configuration
-- Run this if you already have the base schema installed

-- ============================================
-- RLS POLICIES FOR SETTINGS MANAGEMENT
-- ============================================

-- Admin policies for managing projects
DO $$
BEGIN
  IF NOT EXISTS (
    SELECT 1 FROM pg_policies
    WHERE tablename = 'projects' AND policyname = 'Admin can insert projects'
  ) THEN
    CREATE POLICY "Admin can insert projects" ON public.projects FOR INSERT WITH CHECK (
      EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role = 'admin')
    );
  END IF;
END $$;

DO $$
BEGIN
  IF NOT EXISTS (
    SELECT 1 FROM pg_policies
    WHERE tablename = 'projects' AND policyname = 'Admin can update projects'
  ) THEN
    CREATE POLICY "Admin can update projects" ON public.projects FOR UPDATE USING (
      EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role = 'admin')
    );
  END IF;
END $$;

DO $$
BEGIN
  IF NOT EXISTS (
    SELECT 1 FROM pg_policies
    WHERE tablename = 'projects' AND policyname = 'Admin can delete projects'
  ) THEN
    CREATE POLICY "Admin can delete projects" ON public.projects FOR DELETE USING (
      EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role = 'admin')
    );
  END IF;
END $$;

-- Admin policies for managing analytical accounts
DO $$
BEGIN
  IF NOT EXISTS (
    SELECT 1 FROM pg_policies
    WHERE tablename = 'analytical_accounts' AND policyname = 'Admin can insert analytical accounts'
  ) THEN
    CREATE POLICY "Admin can insert analytical accounts" ON public.analytical_accounts FOR INSERT WITH CHECK (
      EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role = 'admin')
    );
  END IF;
END $$;

DO $$
BEGIN
  IF NOT EXISTS (
    SELECT 1 FROM pg_policies
    WHERE tablename = 'analytical_accounts' AND policyname = 'Admin can update analytical accounts'
  ) THEN
    CREATE POLICY "Admin can update analytical accounts" ON public.analytical_accounts FOR UPDATE USING (
      EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role = 'admin')
    );
  END IF;
END $$;

DO $$
BEGIN
  IF NOT EXISTS (
    SELECT 1 FROM pg_policies
    WHERE tablename = 'analytical_accounts' AND policyname = 'Admin can delete analytical accounts'
  ) THEN
    CREATE POLICY "Admin can delete analytical accounts" ON public.analytical_accounts FOR DELETE USING (
      EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role = 'admin')
    );
  END IF;
END $$;

-- Admin policies for app settings
DO $$
BEGIN
  IF NOT EXISTS (
    SELECT 1 FROM pg_policies
    WHERE tablename = 'app_settings' AND policyname = 'Admin can view app settings'
  ) THEN
    CREATE POLICY "Admin can view app settings" ON public.app_settings FOR SELECT USING (
      EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role = 'admin')
    );
  END IF;
END $$;

DO $$
BEGIN
  IF NOT EXISTS (
    SELECT 1 FROM pg_policies
    WHERE tablename = 'app_settings' AND policyname = 'Admin can update app settings'
  ) THEN
    CREATE POLICY "Admin can update app settings" ON public.app_settings FOR UPDATE USING (
      EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role = 'admin')
    );
  END IF;
END $$;

DO $$
BEGIN
  IF NOT EXISTS (
    SELECT 1 FROM pg_policies
    WHERE tablename = 'app_settings' AND policyname = 'Admin can insert app settings'
  ) THEN
    CREATE POLICY "Admin can insert app settings" ON public.app_settings FOR INSERT WITH CHECK (
      EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role = 'admin')
    );
  END IF;
END $$;

-- Admin can update user roles
DO $$
BEGIN
  IF NOT EXISTS (
    SELECT 1 FROM pg_policies
    WHERE tablename = 'profiles' AND policyname = 'Admin can update user roles'
  ) THEN
    CREATE POLICY "Admin can update user roles" ON public.profiles FOR UPDATE USING (
      EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role = 'admin')
    );
  END IF;
END $$;

-- ============================================
-- STORAGE FOR PROOF DOCUMENTS
-- ============================================

-- Create storage bucket for proof documents (if not exists)
INSERT INTO storage.buckets (id, name, public)
VALUES ('proof-documents', 'proof-documents', false)
ON CONFLICT (id) DO NOTHING;

-- Storage policies
DO $$
BEGIN
  IF NOT EXISTS (
    SELECT 1 FROM pg_policies
    WHERE schemaname = 'storage'
    AND tablename = 'objects'
    AND policyname = 'Authenticated users can view proof documents'
  ) THEN
    CREATE POLICY "Authenticated users can view proof documents"
    ON storage.objects FOR SELECT
    USING (bucket_id = 'proof-documents' AND auth.role() = 'authenticated');
  END IF;
END $$;

DO $$
BEGIN
  IF NOT EXISTS (
    SELECT 1 FROM pg_policies
    WHERE schemaname = 'storage'
    AND tablename = 'objects'
    AND policyname = 'Cashiers can upload proof documents'
  ) THEN
    CREATE POLICY "Cashiers can upload proof documents"
    ON storage.objects FOR INSERT
    WITH CHECK (
      bucket_id = 'proof-documents' AND
      EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role IN ('cashier', 'admin'))
    );
  END IF;
END $$;

DO $$
BEGIN
  IF NOT EXISTS (
    SELECT 1 FROM pg_policies
    WHERE schemaname = 'storage'
    AND tablename = 'objects'
    AND policyname = 'Cashiers can update proof documents'
  ) THEN
    CREATE POLICY "Cashiers can update proof documents"
    ON storage.objects FOR UPDATE
    USING (
      bucket_id = 'proof-documents' AND
      EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role IN ('cashier', 'admin'))
    );
  END IF;
END $$;

-- ============================================
-- VERIFICATION
-- ============================================

-- Verify policies were created
SELECT
  schemaname,
  tablename,
  policyname
FROM pg_policies
WHERE tablename IN ('projects', 'analytical_accounts', 'app_settings', 'profiles', 'objects')
ORDER BY tablename, policyname;

-- Verify storage bucket
SELECT id, name, public FROM storage.buckets WHERE id = 'proof-documents';