Ali/erp-cicd
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
20e95c2fb6
erp-cicd/my-access-hub-main/supabase/migrations/20250809051821_27ee9ec4-3d5b-4481-ab1e-4cdc6fa875d5.sql
Ali 20e95c2fb6
Some checks failed
Build & Deploy Frontend / build-push-deploy (push) Failing after 15s
Details
pushing all
2025-08-30 11:51:11 +05:30

87 lines
2.3 KiB
SQL
Raw Blame History

-- Create invoices bucket if it doesn't exist (make it private for security)
INSERT INTO storage.buckets (id, name, public)
VALUES ('invoices', 'invoices', false)
ON CONFLICT (id) DO UPDATE SET
public = false,
updated_at = now();
-- Create RLS policies for invoice access
-- Users can only access their own invoices
CREATE POLICY "Users can view their own invoices" ON storage.objects
FOR SELECT
USING (
bucket_id = 'invoices'
AND auth.uid()::text = (storage.foldername(name))[1]
);
-- Admin and finance users can view all invoices
CREATE POLICY "Admin and finance can view all invoices" ON storage.objects
FOR SELECT
USING (
bucket_id = 'invoices'
AND EXISTS (
SELECT 1 FROM public.profiles
WHERE user_id = auth.uid()
AND role IN ('admin', 'finance')
)
);
-- Users can upload their own invoices
CREATE POLICY "Users can upload their own invoices" ON storage.objects
FOR INSERT
WITH CHECK (
bucket_id = 'invoices'
AND auth.uid()::text = (storage.foldername(name))[1]
);
-- Admin and finance can upload invoices for any user
CREATE POLICY "Admin and finance can upload invoices" ON storage.objects
FOR INSERT
WITH CHECK (
bucket_id = 'invoices'
AND EXISTS (
SELECT 1 FROM public.profiles
WHERE user_id = auth.uid()
AND role IN ('admin', 'finance')
)
);
-- Users can update their own invoices
CREATE POLICY "Users can update their own invoices" ON storage.objects
FOR UPDATE
USING (
bucket_id = 'invoices'
AND auth.uid()::text = (storage.foldername(name))[1]
);
-- Admin and finance can update all invoices
CREATE POLICY "Admin and finance can update all invoices" ON storage.objects
FOR UPDATE
USING (
bucket_id = 'invoices'
AND EXISTS (
SELECT 1 FROM public.profiles
WHERE user_id = auth.uid()
AND role IN ('admin', 'finance')
)
);
-- Users can delete their own invoices
CREATE POLICY "Users can delete their own invoices" ON storage.objects
FOR DELETE
USING (
bucket_id = 'invoices'
AND auth.uid()::text = (storage.foldername(name))[1]
);
-- Admin can delete any invoice
CREATE POLICY "Admin can delete any invoice" ON storage.objects
FOR DELETE
USING (
bucket_id = 'invoices'
AND EXISTS (
SELECT 1 FROM public.profiles
WHERE user_id = auth.uid()
AND role = 'admin'
)
);
Reference in New Issue View Git Blame Copy Permalink