ChoreoAI/supabase-schema-update.sql at main · yuqiannemo/ChoreoAI · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
-- Supabase Database Schema Update for AI Choreographer
-- This version handles existing policies gracefully

-- Drop existing policies if they exist (to avoid conflicts)
DROP POLICY IF EXISTS "Users can view own profile" ON public.users;
DROP POLICY IF EXISTS "Users can update own profile" ON public.users;
DROP POLICY IF EXISTS "Users can view own projects" ON public.choreography_projects;
DROP POLICY IF EXISTS "Users can insert own projects" ON public.choreography_projects;
DROP POLICY IF EXISTS "Users can update own projects" ON public.choreography_projects;
DROP POLICY IF EXISTS "Users can delete own projects" ON public.choreography_projects;
DROP POLICY IF EXISTS "Users can upload own audio files" ON storage.objects;
DROP POLICY IF EXISTS "Users can view own audio files" ON storage.objects;
DROP POLICY IF EXISTS "Users can delete own audio files" ON storage.objects;
DROP POLICY IF EXISTS "Users can upload own video files" ON storage.objects;
DROP POLICY IF EXISTS "Users can view own video files" ON storage.objects;
DROP POLICY IF EXISTS "Users can delete own video files" ON storage.objects;
DROP POLICY IF EXISTS "Anyone can view thumbnails" ON storage.objects;
DROP POLICY IF EXISTS "Users can upload own thumbnails" ON storage.objects;

-- Recreate all policies
-- Users can only see their own data
CREATE POLICY "Users can view own profile" ON public.users
    FOR SELECT USING (auth.uid() = id);

CREATE POLICY "Users can update own profile" ON public.users
    FOR UPDATE USING (auth.uid() = id);

-- Choreography projects policies
CREATE POLICY "Users can view own projects" ON public.choreography_projects
    FOR SELECT USING (auth.uid() = user_id);

CREATE POLICY "Users can insert own projects" ON public.choreography_projects
    FOR INSERT WITH CHECK (auth.uid() = user_id);

CREATE POLICY "Users can update own projects" ON public.choreography_projects
    FOR UPDATE USING (auth.uid() = user_id);

CREATE POLICY "Users can delete own projects" ON public.choreography_projects
    FOR DELETE USING (auth.uid() = user_id);

-- Storage policies for audio files
CREATE POLICY "Users can upload own audio files" ON storage.objects
    FOR INSERT WITH CHECK (
        bucket_id = 'audio-files' AND
        auth.uid()::text = (storage.foldername(name))[1]
    );

CREATE POLICY "Users can view own audio files" ON storage.objects
    FOR SELECT USING (
        bucket_id = 'audio-files' AND
        auth.uid()::text = (storage.foldername(name))[1]
    );

CREATE POLICY "Users can delete own audio files" ON storage.objects
    FOR DELETE USING (
        bucket_id = 'audio-files' AND
        auth.uid()::text = (storage.foldername(name))[1]
    );

-- Storage policies for video files
CREATE POLICY "Users can upload own video files" ON storage.objects
    FOR INSERT WITH CHECK (
        bucket_id = 'choreography-videos' AND
        auth.uid()::text = (storage.foldername(name))[1]
    );

CREATE POLICY "Users can view own video files" ON storage.objects
    FOR SELECT USING (
        bucket_id = 'choreography-videos' AND
        auth.uid()::text = (storage.foldername(name))[1]
    );

CREATE POLICY "Users can delete own video files" ON storage.objects
    FOR DELETE USING (
        bucket_id = 'choreography-videos' AND
        auth.uid()::text = (storage.foldername(name))[1]
    );

-- Storage policies for thumbnails (public read)
CREATE POLICY "Anyone can view thumbnails" ON storage.objects
    FOR SELECT USING (bucket_id = 'video-thumbnails');

CREATE POLICY "Users can upload own thumbnails" ON storage.objects
    FOR INSERT WITH CHECK (
        bucket_id = 'video-thumbnails' AND
        auth.uid()::text = (storage.foldername(name))[1]
    );