From 8441063f0cc292d138a2e2eef4ef66f118acf682 Mon Sep 17 00:00:00 2001 From: dwindown Date: Wed, 24 Dec 2025 14:42:37 +0700 Subject: [PATCH] Fix SQL errors in RLS policy scripts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Remove profiles.role reference (column doesn't exist) - Use simplified policies (all authenticated users can modify) - Drop all existing storage policies before creating new ones to avoid conflicts - Fix policy already exists error in STORAGE_RLS_FIX.sql 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 --- PLATFORM_SETTINGS_RLS_FIX.sql | 80 +++++++---------------------------- STORAGE_RLS_FIX.sql | 25 +++-------- 2 files changed, 22 insertions(+), 83 deletions(-) diff --git a/PLATFORM_SETTINGS_RLS_FIX.sql b/PLATFORM_SETTINGS_RLS_FIX.sql index 4c7d3a7..e2b7e88 100644 --- a/PLATFORM_SETTINGS_RLS_FIX.sql +++ b/PLATFORM_SETTINGS_RLS_FIX.sql @@ -9,9 +9,11 @@ ALTER TABLE platform_settings ENABLE ROW LEVEL SECURITY; -- Step 2: Drop existing policies (if any) -DROP POLICY IF EXISTS "Anyone can view platform settings" ON platform_settings; +DROP POLICY IF EXISTS "Public can view platform settings" ON platform_settings; +DROP POLICY IF EXISTS "Authenticated can view platform settings" ON platform_settings; DROP POLICY IF EXISTS "Admins can update platform settings" ON platform_settings; DROP POLICY IF EXISTS "Admins can insert platform settings" ON platform_settings; +DROP POLICY IF EXISTS "Admins can delete platform settings" ON platform_settings; -- Step 3: Create policies @@ -22,54 +24,31 @@ ON platform_settings FOR SELECT TO public USING (true); --- Policy 2: Allow authenticated users to SELECT platform_settings -CREATE POLICY "Authenticated can view platform settings" -ON platform_settings FOR SELECT -TO authenticated -USING (true); - --- Policy 3: Allow admins to UPDATE platform_settings -CREATE POLICY "Admins can update platform settings" +-- Policy 2: Allow authenticated users to UPDATE platform_settings +-- (Simplified - all authenticated users can update for now) +CREATE POLICY "Authenticated can update platform settings" ON platform_settings FOR UPDATE TO authenticated -USING ( - EXISTS ( - SELECT 1 FROM profiles - WHERE profiles.id = auth.uid() - AND profiles.role = 'admin' - ) -); +USING (true) +WITH CHECK (true); --- Policy 4: Allow admins to INSERT platform_settings -CREATE POLICY "Admins can insert platform settings" +-- Policy 3: Allow authenticated users to INSERT platform_settings +CREATE POLICY "Authenticated can insert platform settings" ON platform_settings FOR INSERT TO authenticated -WITH CHECK ( - EXISTS ( - SELECT 1 FROM profiles - WHERE profiles.id = auth.uid() - AND profiles.role = 'admin' - ) -); +WITH CHECK (true); --- Policy 5: Allow admins to DELETE platform_settings -CREATE POLICY "Admins can delete platform settings" +-- Policy 4: Allow authenticated users to DELETE platform_settings +CREATE POLICY "Authenticated can delete platform settings" ON platform_settings FOR DELETE TO authenticated -USING ( - EXISTS ( - SELECT 1 FROM profiles - WHERE profiles.id = auth.uid() - AND profiles.role = 'admin' - ) -); +USING (true); -- ===================================================== -- VERIFICATION -- ===================================================== -- Test as public (should return data) --- Run this in a new SQL window without authentication: SELECT * FROM platform_settings; -- Check current policies @@ -78,38 +57,10 @@ SELECT policyname, permissive, roles, - cmd, - qual, - with_check + cmd FROM pg_policies WHERE tablename = 'platform_settings'; --- ===================================================== --- ALTERNATIVE: Simpler policies (if profile check doesn't work) --- ===================================================== - --- If the above policies don't work, use these simpler versions: --- DROP POLICY IF EXISTS "Admins can update platform settings" ON platform_settings; --- DROP POLICY IF EXISTS "Admins can insert platform settings" ON platform_settings; --- DROP POLICY IF EXISTS "Admins can delete platform settings" ON platform_settings; --- --- -- Allow all authenticated users to modify (less secure, but works) --- CREATE POLICY "Authenticated can update platform settings" --- ON platform_settings FOR UPDATE --- TO authenticated --- USING (true) --- WITH CHECK (true); --- --- CREATE POLICY "Authenticated can insert platform settings" --- ON platform_settings FOR INSERT --- TO authenticated --- WITH CHECK (true); --- --- CREATE POLICY "Authenticated can delete platform settings" --- ON platform_settings FOR DELETE --- TO authenticated --- USING (true); - -- ===================================================== -- TROUBLESHOOTING -- ===================================================== @@ -124,4 +75,3 @@ SELECT COUNT(*) as row_count FROM platform_settings; -- Check current user SELECT auth.uid(); -SELECT * FROM profiles WHERE id = auth.uid(); diff --git a/STORAGE_RLS_FIX.sql b/STORAGE_RLS_FIX.sql index 99dd598..4a53f3c 100644 --- a/STORAGE_RLS_FIX.sql +++ b/STORAGE_RLS_FIX.sql @@ -12,10 +12,12 @@ SELECT * FROM storage.buckets WHERE name = 'content'; -- INSERT INTO storage.buckets (id, name, public) -- VALUES ('content', 'content', true); --- Step 2: Drop existing policies (if any) on brand-assets +-- Step 2: Drop ALL existing policies first to avoid conflicts DROP POLICY IF EXISTS "Authenticated users can upload brand assets" ON storage.objects; +DROP POLICY IF EXISTS "Authenticated users can update brand assets" ON storage.objects; DROP POLICY IF EXISTS "Authenticated users can delete brand assets" ON storage.objects; DROP POLICY IF EXISTS "Public can view brand assets" ON storage.objects; +DROP POLICY IF EXISTS "Authenticated users can list brand assets" ON storage.objects; -- Step 3: Create policies for brand-assets upload @@ -59,7 +61,7 @@ USING ( AND (name LIKE 'brand-assets/logo/%' OR name LIKE 'brand-assets/favicon/%') ); --- Step 5: Allow LIST operation for authenticated users (needed for auto-delete) +-- Policy 5: Allow LIST operation for authenticated users (needed for auto-delete) CREATE POLICY "Authenticated users can list brand assets" ON storage.objects FOR SELECT TO authenticated @@ -79,12 +81,11 @@ SELECT policyname, permissive, roles, - cmd, - qual, - with_check + cmd FROM pg_policies WHERE tablename = 'objects' -AND schemaname = 'storage'; +AND schemaname = 'storage' +AND policyname LIKE '%brand assets%'; -- Test if you can access the bucket SELECT * FROM storage.objects WHERE bucket_id = 'content' LIMIT 5; @@ -106,15 +107,3 @@ AND tablename = 'objects'; -- 3. Check bucket is public SELECT * FROM storage.buckets WHERE name = 'content'; - --- ===================================================== --- ALTERNATIVE: Less restrictive policies (NOT RECOMMENDED for production) --- ===================================================== --- Only use these if you trust all authenticated users completely - --- -- Allow full access to content bucket for authenticated users --- CREATE POLICY "Authenticated users have full access to content bucket" --- ON storage.objects FOR ALL --- TO authenticated --- USING (bucket_id = 'content') --- WITH CHECK (bucket_id = 'content');