Fix SQL errors in RLS policy scripts
- Remove profiles.role reference (column doesn't exist) - Use simplified policies (all authenticated users can modify) - Drop all existing storage policies before creating new ones to avoid conflicts - Fix policy already exists error in STORAGE_RLS_FIX.sql 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
dwindown
@@ -9,9 +9,11 @@
|
|||||||
ALTER TABLE platform_settings ENABLE ROW LEVEL SECURITY;
|
ALTER TABLE platform_settings ENABLE ROW LEVEL SECURITY;
|
||||||
|
|
||||||
-- Step 2: Drop existing policies (if any)
|
-- Step 2: Drop existing policies (if any)
|
||||||
DROP POLICY IF EXISTS "Anyone can view platform settings" ON platform_settings;
|
DROP POLICY IF EXISTS "Public can view platform settings" ON platform_settings;
|
||||||
|
DROP POLICY IF EXISTS "Authenticated can view platform settings" ON platform_settings;
|
||||||
DROP POLICY IF EXISTS "Admins can update platform settings" ON platform_settings;
|
DROP POLICY IF EXISTS "Admins can update platform settings" ON platform_settings;
|
||||||
DROP POLICY IF EXISTS "Admins can insert platform settings" ON platform_settings;
|
DROP POLICY IF EXISTS "Admins can insert platform settings" ON platform_settings;
|
||||||
|
DROP POLICY IF EXISTS "Admins can delete platform settings" ON platform_settings;
|
||||||
|
|
||||||
-- Step 3: Create policies
|
-- Step 3: Create policies
|
||||||
|
|
||||||
@@ -22,54 +24,31 @@ ON platform_settings FOR SELECT
|
|||||||
TO public
|
TO public
|
||||||
USING (true);
|
USING (true);
|
||||||
|
|
||||||
-- Policy 2: Allow authenticated users to SELECT platform_settings
|
-- Policy 2: Allow authenticated users to UPDATE platform_settings
|
||||||
CREATE POLICY "Authenticated can view platform settings"
|
-- (Simplified - all authenticated users can update for now)
|
||||||
ON platform_settings FOR SELECT
|
CREATE POLICY "Authenticated can update platform settings"
|
||||||
TO authenticated
|
|
||||||
USING (true);
|
|
||||||
|
|
||||||
-- Policy 3: Allow admins to UPDATE platform_settings
|
|
||||||
CREATE POLICY "Admins can update platform settings"
|
|
||||||
ON platform_settings FOR UPDATE
|
ON platform_settings FOR UPDATE
|
||||||
TO authenticated
|
TO authenticated
|
||||||
USING (
|
USING (true)
|
||||||
EXISTS (
|
WITH CHECK (true);
|
||||||
SELECT 1 FROM profiles
|
|
||||||
WHERE profiles.id = auth.uid()
|
|
||||||
AND profiles.role = 'admin'
|
|
||||||
)
|
|
||||||
);
|
|
||||||
|
|
||||||
-- Policy 4: Allow admins to INSERT platform_settings
|
-- Policy 3: Allow authenticated users to INSERT platform_settings
|
||||||
CREATE POLICY "Admins can insert platform settings"
|
CREATE POLICY "Authenticated can insert platform settings"
|
||||||
ON platform_settings FOR INSERT
|
ON platform_settings FOR INSERT
|
||||||
TO authenticated
|
TO authenticated
|
||||||
WITH CHECK (
|
WITH CHECK (true);
|
||||||
EXISTS (
|
|
||||||
SELECT 1 FROM profiles
|
|
||||||
WHERE profiles.id = auth.uid()
|
|
||||||
AND profiles.role = 'admin'
|
|
||||||
)
|
|
||||||
);
|
|
||||||
|
|
||||||
-- Policy 5: Allow admins to DELETE platform_settings
|
-- Policy 4: Allow authenticated users to DELETE platform_settings
|
||||||
CREATE POLICY "Admins can delete platform settings"
|
CREATE POLICY "Authenticated can delete platform settings"
|
||||||
ON platform_settings FOR DELETE
|
ON platform_settings FOR DELETE
|
||||||
TO authenticated
|
TO authenticated
|
||||||
USING (
|
USING (true);
|
||||||
EXISTS (
|
|
||||||
SELECT 1 FROM profiles
|
|
||||||
WHERE profiles.id = auth.uid()
|
|
||||||
AND profiles.role = 'admin'
|
|
||||||
)
|
|
||||||
);
|
|
||||||
|
|
||||||
-- =====================================================
|
-- =====================================================
|
||||||
-- VERIFICATION
|
-- VERIFICATION
|
||||||
-- =====================================================
|
-- =====================================================
|
||||||
|
|
||||||
-- Test as public (should return data)
|
-- Test as public (should return data)
|
||||||
-- Run this in a new SQL window without authentication:
|
|
||||||
SELECT * FROM platform_settings;
|
SELECT * FROM platform_settings;
|
||||||
|
|
||||||
-- Check current policies
|
-- Check current policies
|
||||||
@@ -78,38 +57,10 @@ SELECT
|
|||||||
policyname,
|
policyname,
|
||||||
permissive,
|
permissive,
|
||||||
roles,
|
roles,
|
||||||
cmd,
|
cmd
|
||||||
qual,
|
|
||||||
with_check
|
|
||||||
FROM pg_policies
|
FROM pg_policies
|
||||||
WHERE tablename = 'platform_settings';
|
WHERE tablename = 'platform_settings';
|
||||||
|
|
||||||
-- =====================================================
|
|
||||||
-- ALTERNATIVE: Simpler policies (if profile check doesn't work)
|
|
||||||
-- =====================================================
|
|
||||||
|
|
||||||
-- If the above policies don't work, use these simpler versions:
|
|
||||||
-- DROP POLICY IF EXISTS "Admins can update platform settings" ON platform_settings;
|
|
||||||
-- DROP POLICY IF EXISTS "Admins can insert platform settings" ON platform_settings;
|
|
||||||
-- DROP POLICY IF EXISTS "Admins can delete platform settings" ON platform_settings;
|
|
||||||
--
|
|
||||||
-- -- Allow all authenticated users to modify (less secure, but works)
|
|
||||||
-- CREATE POLICY "Authenticated can update platform settings"
|
|
||||||
-- ON platform_settings FOR UPDATE
|
|
||||||
-- TO authenticated
|
|
||||||
-- USING (true)
|
|
||||||
-- WITH CHECK (true);
|
|
||||||
--
|
|
||||||
-- CREATE POLICY "Authenticated can insert platform settings"
|
|
||||||
-- ON platform_settings FOR INSERT
|
|
||||||
-- TO authenticated
|
|
||||||
-- WITH CHECK (true);
|
|
||||||
--
|
|
||||||
-- CREATE POLICY "Authenticated can delete platform settings"
|
|
||||||
-- ON platform_settings FOR DELETE
|
|
||||||
-- TO authenticated
|
|
||||||
-- USING (true);
|
|
||||||
|
|
||||||
-- =====================================================
|
-- =====================================================
|
||||||
-- TROUBLESHOOTING
|
-- TROUBLESHOOTING
|
||||||
-- =====================================================
|
-- =====================================================
|
||||||
@@ -124,4 +75,3 @@ SELECT COUNT(*) as row_count FROM platform_settings;
|
|||||||
|
|
||||||
-- Check current user
|
-- Check current user
|
||||||
SELECT auth.uid();
|
SELECT auth.uid();
|
||||||
SELECT * FROM profiles WHERE id = auth.uid();
|
|
||||||
|
|||||||
@@ -12,10 +12,12 @@ SELECT * FROM storage.buckets WHERE name = 'content';
|
|||||||
-- INSERT INTO storage.buckets (id, name, public)
|
-- INSERT INTO storage.buckets (id, name, public)
|
||||||
-- VALUES ('content', 'content', true);
|
-- VALUES ('content', 'content', true);
|
||||||
|
|
||||||
-- Step 2: Drop existing policies (if any) on brand-assets
|
-- Step 2: Drop ALL existing policies first to avoid conflicts
|
||||||
DROP POLICY IF EXISTS "Authenticated users can upload brand assets" ON storage.objects;
|
DROP POLICY IF EXISTS "Authenticated users can upload brand assets" ON storage.objects;
|
||||||
|
DROP POLICY IF EXISTS "Authenticated users can update brand assets" ON storage.objects;
|
||||||
DROP POLICY IF EXISTS "Authenticated users can delete brand assets" ON storage.objects;
|
DROP POLICY IF EXISTS "Authenticated users can delete brand assets" ON storage.objects;
|
||||||
DROP POLICY IF EXISTS "Public can view brand assets" ON storage.objects;
|
DROP POLICY IF EXISTS "Public can view brand assets" ON storage.objects;
|
||||||
|
DROP POLICY IF EXISTS "Authenticated users can list brand assets" ON storage.objects;
|
||||||
|
|
||||||
-- Step 3: Create policies for brand-assets upload
|
-- Step 3: Create policies for brand-assets upload
|
||||||
|
|
||||||
@@ -59,7 +61,7 @@ USING (
|
|||||||
AND (name LIKE 'brand-assets/logo/%' OR name LIKE 'brand-assets/favicon/%')
|
AND (name LIKE 'brand-assets/logo/%' OR name LIKE 'brand-assets/favicon/%')
|
||||||
);
|
);
|
||||||
|
|
||||||
-- Step 5: Allow LIST operation for authenticated users (needed for auto-delete)
|
-- Policy 5: Allow LIST operation for authenticated users (needed for auto-delete)
|
||||||
CREATE POLICY "Authenticated users can list brand assets"
|
CREATE POLICY "Authenticated users can list brand assets"
|
||||||
ON storage.objects FOR SELECT
|
ON storage.objects FOR SELECT
|
||||||
TO authenticated
|
TO authenticated
|
||||||
@@ -79,12 +81,11 @@ SELECT
|
|||||||
policyname,
|
policyname,
|
||||||
permissive,
|
permissive,
|
||||||
roles,
|
roles,
|
||||||
cmd,
|
cmd
|
||||||
qual,
|
|
||||||
with_check
|
|
||||||
FROM pg_policies
|
FROM pg_policies
|
||||||
WHERE tablename = 'objects'
|
WHERE tablename = 'objects'
|
||||||
AND schemaname = 'storage';
|
AND schemaname = 'storage'
|
||||||
|
AND policyname LIKE '%brand assets%';
|
||||||
|
|
||||||
-- Test if you can access the bucket
|
-- Test if you can access the bucket
|
||||||
SELECT * FROM storage.objects WHERE bucket_id = 'content' LIMIT 5;
|
SELECT * FROM storage.objects WHERE bucket_id = 'content' LIMIT 5;
|
||||||
@@ -106,15 +107,3 @@ AND tablename = 'objects';
|
|||||||
|
|
||||||
-- 3. Check bucket is public
|
-- 3. Check bucket is public
|
||||||
SELECT * FROM storage.buckets WHERE name = 'content';
|
SELECT * FROM storage.buckets WHERE name = 'content';
|
||||||
|
|
||||||
-- =====================================================
|
|
||||||
-- ALTERNATIVE: Less restrictive policies (NOT RECOMMENDED for production)
|
|
||||||
-- =====================================================
|
|
||||||
-- Only use these if you trust all authenticated users completely
|
|
||||||
|
|
||||||
-- -- Allow full access to content bucket for authenticated users
|
|
||||||
-- CREATE POLICY "Authenticated users have full access to content bucket"
|
|
||||||
-- ON storage.objects FOR ALL
|
|
||||||
-- TO authenticated
|
|
||||||
-- USING (bucket_id = 'content')
|
|
||||||
-- WITH CHECK (bucket_id = 'content');
|
|
||||||
|
|||||||
Reference in New Issue
Block a user