dwindown/meet-hub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9fdcf07439572997686bde66a5d7ae74a4e0ae3b
meet-hub/STORAGE_RLS_FIX.sql
dwindown 7a8f9cb9a9 Fix logo/favicon upload, badge colors, and page title issues 
Issue 1 - Logo/Favicon Upload:
- Add preview before upload (user must confirm)
- Show selected file preview with confirm/cancel buttons
- Fallback to current image if preview cancelled
- File size validation (2MB logo, 1MB favicon)
- Add STORAGE_RLS_FIX.sql for storage policy setup

Issue 2 - Badge Colors:
- Already implemented correctly in all files
- All "Lunas" badges use bg-brand-accent class
- Verified: OrderDetail, MemberOrders, Dashboard, MemberDashboard

Issue 3 - Page Title Error:
- Change .single() to .maybeSingle() in useBranding hook
- Handle error case gracefully with default branding
- Set default title even when platform_settings is empty
- This fixes the "JSON object requested, multiple (or no) rows returned" error

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-24 12:31:48 +07:00

121 lines
3.9 KiB
SQL
Raw Blame History

-- =====================================================
-- STORAGE RLS POLICIES FOR LOGO/FAVICON UPLOAD
-- =====================================================
-- This fixes the "new row violates row-level security policy" error
-- when uploading logo/favicon to Supabase Storage
-- =====================================================
-- Step 1: Verify the 'content' bucket exists
SELECT * FROM storage.buckets WHERE name = 'content';
-- If no rows returned, create the bucket:
-- INSERT INTO storage.buckets (id, name, public)
-- VALUES ('content', 'content', true);
-- Step 2: Drop existing policies (if any) on brand-assets
DROP POLICY IF EXISTS "Authenticated users can upload brand assets" ON storage.objects;
DROP POLICY IF EXISTS "Authenticated users can delete brand assets" ON storage.objects;
DROP POLICY IF EXISTS "Public can view brand assets" ON storage.objects;
-- Step 3: Create policies for brand-assets upload
-- Policy 1: Allow authenticated users to INSERT (upload) files to brand-assets folder
CREATE POLICY "Authenticated users can upload brand assets"
ON storage.objects FOR INSERT
TO authenticated
WITH CHECK (
bucket_id = 'content'
AND (name LIKE 'brand-assets/logo/%' OR name LIKE 'brand-assets/favicon/%')
);
-- Policy 2: Allow authenticated users to UPDATE (replace) files in brand-assets folder
CREATE POLICY "Authenticated users can update brand assets"
ON storage.objects FOR UPDATE
TO authenticated
USING (
bucket_id = 'content'
AND (name LIKE 'brand-assets/logo/%' OR name LIKE 'brand-assets/favicon/%')
)
WITH CHECK (
bucket_id = 'content'
AND (name LIKE 'brand-assets/logo/%' OR name LIKE 'brand-assets/favicon/%')
);
-- Policy 3: Allow authenticated users to DELETE files in brand-assets folder
CREATE POLICY "Authenticated users can delete brand assets"
ON storage.objects FOR DELETE
TO authenticated
USING (
bucket_id = 'content'
AND (name LIKE 'brand-assets/logo/%' OR name LIKE 'brand-assets/favicon/%')
);
-- Policy 4: Allow public SELECT (view) on brand-assets (for displaying images)
CREATE POLICY "Public can view brand assets"
ON storage.objects FOR SELECT
TO public
USING (
bucket_id = 'content'
AND (name LIKE 'brand-assets/logo/%' OR name LIKE 'brand-assets/favicon/%')
);
-- Step 5: Allow LIST operation for authenticated users (needed for auto-delete)
CREATE POLICY "Authenticated users can list brand assets"
ON storage.objects FOR SELECT
TO authenticated
USING (
bucket_id = 'content'
AND (name LIKE 'brand-assets/logo%' OR name LIKE 'brand-assets/favicon%')
);
-- =====================================================
-- VERIFICATION QUERIES
-- =====================================================
-- Check all policies on storage.objects
SELECT
schemaname,
tablename,
policyname,
permissive,
roles,
cmd,
qual,
with_check
FROM pg_policies
WHERE tablename = 'objects'
AND schemaname = 'storage';
-- Test if you can access the bucket
SELECT * FROM storage.objects WHERE bucket_id = 'content' LIMIT 5;
-- =====================================================
-- TROUBLESHOOTING
-- =====================================================
-- If still getting RLS errors, check:
-- 1. Are you logged in?
SELECT auth.uid();
-- 2. Check RLS is enabled
SELECT tablename, rowsecurity
FROM pg_tables
WHERE schemaname = 'storage'
AND tablename = 'objects';
-- 3. Check bucket is public
SELECT * FROM storage.buckets WHERE name = 'content';
-- =====================================================
-- ALTERNATIVE: Less restrictive policies (NOT RECOMMENDED for production)
-- =====================================================
-- Only use these if you trust all authenticated users completely
-- -- Allow full access to content bucket for authenticated users
-- CREATE POLICY "Authenticated users have full access to content bucket"
-- ON storage.objects FOR ALL
-- TO authenticated
-- USING (bucket_id = 'content')
-- WITH CHECK (bucket_id = 'content');
Reference in New Issue View Git Blame Copy Permalink