Create 20250705135500_update_schema.sql

Миграция политик
2025-05-07 15:19:46 +03:00 · 2025-05-07 15:19:46 +03:00 · 5572b5f440
commit 5572b5f440
parent 690c18e601
1 changed files with 65 additions and 0 deletions
--- a/supabase/migrations/20250705135500_update_schema.sql
+++ b/supabase/migrations/20250705135500_update_schema.sql
@ -0,0 +1,65 @@
+-- Включаем RLS для всех таблиц
+ALTER TABLE users ENABLE ROW LEVEL SECURITY;
+ALTER TABLE media ENABLE ROW LEVEL SECURITY;
+ALTER TABLE reviews ENABLE ROW LEVEL SECURITY;
+
+-- Политики для таблицы users
+CREATE POLICY "Users can view own profile"
+  ON users FOR SELECT
+  USING (auth.uid() = id);
+
+CREATE POLICY "Users can update own profile"
+  ON users FOR UPDATE
+  USING (auth.uid() = id);
+
+-- Политики для таблицы media
+CREATE POLICY "Anyone can view media"
+  ON media FOR SELECT
+  USING (true);
+
+CREATE POLICY "Admins can insert media"
+  ON media FOR INSERT
+  WITH CHECK (
+    EXISTS (
+      SELECT 1 FROM users
+      WHERE users.id = auth.uid()
+      AND users.role = 'admin'
+    )
+  );
+
+CREATE POLICY "Admins can update media"
+  ON media FOR UPDATE
+  USING (
+    EXISTS (
+      SELECT 1 FROM users
+      WHERE users.id = auth.uid()
+      AND users.role = 'admin'
+    )
+  );
+
+CREATE POLICY "Admins can delete media"
+  ON media FOR DELETE
+  USING (
+    EXISTS (
+      SELECT 1 FROM users
+      WHERE users.id = auth.uid()
+      AND users.role = 'admin'
+    )
+  );
+
+-- Политики для таблицы reviews
+CREATE POLICY "Anyone can view reviews"
+  ON reviews FOR SELECT
+  USING (true);
+
+CREATE POLICY "Authenticated users can insert reviews"
+  ON reviews FOR INSERT
+  WITH CHECK (auth.uid() IS NOT NULL);
+
+CREATE POLICY "Users can update own reviews"
+  ON reviews FOR UPDATE
+  USING (auth.uid() = user_id);
+
+CREATE POLICY "Users can delete own reviews"
+  ON reviews FOR DELETE
+  USING (auth.uid() = user_id);