eee0885811
- Remove recursive directory size calculations (single Seafile API call per list) - Remove 'Used in this location' usage display - Fix move using v2 per-type endpoints instead of broken batch endpoint - Send entry type from frontend for correct move routing Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
-- Membership link between a profile and a company. A profile may appear in
-- several rows, one per company it is assigned to.
create table if not exists public.company_members (
    id uuid primary key default gen_random_uuid(),
    -- Rows are removed together with the company or the profile they reference.
    company_id uuid not null references public.companies (id) on delete cascade,
    profile_id uuid not null references public.profiles (id) on delete cascade,
    created_at timestamptz not null default now(),
    -- A profile can be assigned to a given company only once.
    unique (company_id, profile_id)
);
-- Turn on row level security for company_members. With RLS enabled and no
-- policy present, roles subject to RLS see no rows (default deny). The table
-- owner and roles with BYPASSRLS are not restricted unless FORCE ROW LEVEL
-- SECURITY is also set.
alter table public.company_members enable row level security;
-- Backfill: every profile that already carries a company_id gets a matching
-- membership row. Pairs that already exist are skipped, so the statement can
-- be run more than once.
insert into public.company_members (company_id, profile_id)
select
    p.company_id,
    p.id
from public.profiles as p
where p.company_id is not null
on conflict (company_id, profile_id) do nothing;
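-- Returns true when the calling user (auth.uid()) has a profile row and either
-- that profile's company_id equals the given company, or a company_members row
-- links the caller to that company. Returns false otherwise, including when
-- the company argument is null.
--
-- The function is SECURITY DEFINER, so the lookups run with the privileges of
-- the function owner rather than the caller. search_path is pinned to the
-- empty string so that name resolution inside the function cannot be
-- redirected through a schema the caller controls; every object referenced in
-- the body is schema-qualified for that reason.
--
-- NOTE(review): the result depends on profiles.company_id and on
-- company_members rows. Confirm that the policies on public.profiles do not
-- let a client change its own company_id.
create or replace function public.has_company_access(company uuid)
returns boolean
language sql
stable
security definer
set search_path = ''
as $$
    select exists (
        select 1
        from public.profiles p
        where p.id = auth.uid()
          and (
              -- primary company stored on the profile
              p.company_id = company
              -- or an additional assignment through company_members
              or exists (
                  select 1
                  from public.company_members cm
                  where cm.profile_id = auth.uid()
                    and cm.company_id = company
              )
          )
    );
$$;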
-- company_members policies: dropped first so that the creates below succeed
-- when the script is run again.
drop policy if exists "Team all company_members" on public.company_members;
drop policy if exists "Users read own company memberships" on public.company_members;

-- Callers whose get_my_role() is 'team' may read and write every membership row.
create policy "Team all company_members"
    on public.company_members
    for all
    using (get_my_role() = 'team')
    with check (get_my_role() = 'team');

-- Every caller may read the membership rows that point at their own profile;
-- this policy grants no write access.
create policy "Users read own company memberships"
    on public.company_members
    for select
    using (profile_id = auth.uid());
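-- companies: replace the single-company client policies.
-- The old policy names are dropped for the upgrade; the new names are dropped
-- as well so that a second run does not fail with "policy already exists".
drop policy if exists "Client reads own company" on public.companies;
drop policy if exists "Client updates own company" on public.companies;
drop policy if exists "Client reads assigned companies" on public.companies;
drop policy if exists "Client updates primary company" on public.companies;

-- Read: every company for which has_company_access() returns true.
create policy "Client reads assigned companies"
    on public.companies
    for select
    using (has_company_access(id));

-- Update: only the company returned by get_my_company_id(), both before and
-- after the change. Companies reached only through has_company_access() stay
-- read-only under these two policies.
-- NOTE(review): get_my_company_id() is defined elsewhere; presumably it returns
-- the caller's profiles.company_id. Confirm.
create policy "Client updates primary company"
    on public.companies
    for update
    using (id = get_my_company_id())
    with check (id = get_my_company_id());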
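-- projects: replace the single-company client policies.
-- Old and new policy names are both dropped so the script can be run again.
drop policy if exists "Client reads company projects" on public.projects;
drop policy if exists "Client inserts company projects" on public.projects;
drop policy if exists "Client updates own company projects" on public.projects;
drop policy if exists "Client reads assigned company projects" on public.projects;
drop policy if exists "Client inserts assigned company projects" on public.projects;
drop policy if exists "Client updates assigned company projects" on public.projects;

-- Read: projects of any company the caller can access.
create policy "Client reads assigned company projects"
    on public.projects
    for select
    using (has_company_access(company_id));

-- Insert: caller must have the 'client' role and access to the target company.
create policy "Client inserts assigned company projects"
    on public.projects
    for insert
    with check (get_my_role() = 'client' and has_company_access(company_id));

-- Update: the same condition is applied to the existing row (using) and to the
-- new row (with check), so company_id can only be changed to another company
-- the caller can access.
create policy "Client updates assigned company projects"
    on public.projects
    for update
    using (get_my_role() = 'client' and has_company_access(company_id))
    with check (get_my_role() = 'client' and has_company_access(company_id));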
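-- tasks: replace the single-company client policies.
-- Old and new policy names are both dropped so the script can be run again.
drop policy if exists "Client reads company tasks" on public.tasks;
drop policy if exists "Client insert task" on public.tasks;
drop policy if exists "Client updates company tasks" on public.tasks;
drop policy if exists "Client reads assigned company tasks" on public.tasks;
drop policy if exists "Client inserts assigned company tasks" on public.tasks;
drop policy if exists "Client updates assigned company tasks" on public.tasks;

-- Read: tasks whose project belongs to a company the caller can access.
create policy "Client reads assigned company tasks"
    on public.tasks
    for select
    using (
        project_id in (select id from public.projects where has_company_access(company_id))
    );

-- Insert: 'client' role, and the task must be attached to an accessible project.
create policy "Client inserts assigned company tasks"
    on public.tasks
    for insert
    with check (
        get_my_role() = 'client'
        and project_id in (select id from public.projects where has_company_access(company_id))
    );

-- Update: the same condition is applied to the existing row (using) and to the
-- new row (with check), so a task cannot be moved to a project outside the
-- caller's companies.
create policy "Client updates assigned company tasks"
    on public.tasks
    for update
    using (
        get_my_role() = 'client'
        and project_id in (select id from public.projects where has_company_access(company_id))
    )
    with check (
        get_my_role() = 'client'
        and project_id in (select id from public.projects where has_company_access(company_id))
    );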
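-- submissions: replace the single-company client policies.
-- Old and new policy names are both dropped so the script can be run again.
drop policy if exists "Client reads company submissions" on public.submissions;
drop policy if exists "Client inserts submissions" on public.submissions;
drop policy if exists "Client reads assigned company submissions" on public.submissions;
drop policy if exists "Client inserts assigned company submissions" on public.submissions;

-- Read: submissions whose task -> project -> company chain ends at a company
-- the caller can access.
create policy "Client reads assigned company submissions"
    on public.submissions
    for select
    using (
        task_id in (
            select t.id
            from public.tasks t
            join public.projects p on p.id = t.project_id
            where has_company_access(p.company_id)
        )
    );

-- Insert: 'client' role, the row must name the caller as submitted_by (a
-- client cannot submit on behalf of another user), and the task must belong
-- to an accessible company.
create policy "Client inserts assigned company submissions"
    on public.submissions
    for insert
    with check (
        get_my_role() = 'client'
        and submitted_by = auth.uid()
        and task_id in (
            select t.id
            from public.tasks t
            join public.projects p on p.id = t.project_id
            where has_company_access(p.company_id)
        )
    );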
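-- submission_files: replace the single-company client policies.
-- Old and new policy names are both dropped so the script can be run again.
drop policy if exists "Client reads company submission_files" on public.submission_files;
drop policy if exists "Client inserts submission_files" on public.submission_files;
drop policy if exists "Client reads assigned company submission_files" on public.submission_files;
drop policy if exists "Client inserts assigned company submission_files" on public.submission_files;

-- Read: files of submissions that belong, through task and project, to a
-- company the caller can access.
create policy "Client reads assigned company submission_files"
    on public.submission_files
    for select
    using (
        submission_id in (
            select s.id
            from public.submissions s
            join public.tasks t on t.id = s.task_id
            join public.projects p on p.id = t.project_id
            where has_company_access(p.company_id)
        )
    );

-- Insert: 'client' role, and the parent submission must be in an accessible
-- company and must have been submitted by the caller. Files cannot be attached
-- to another user's submission.
create policy "Client inserts assigned company submission_files"
    on public.submission_files
    for insert
    with check (
        get_my_role() = 'client'
        and submission_id in (
            select s.id
            from public.submissions s
            join public.tasks t on t.id = s.task_id
            join public.projects p on p.id = t.project_id
            where has_company_access(p.company_id)
              and s.submitted_by = auth.uid()
        )
    );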
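-- deliveries: replace the single-company client read policy.
-- Old and new policy names are both dropped so the script can be run again.
drop policy if exists "Client reads company deliveries" on public.deliveries;
drop policy if exists "Client reads assigned company deliveries" on public.deliveries;

-- Read: deliveries whose submission belongs, through task and project, to a
-- company the caller can access. This block creates a select policy only.
create policy "Client reads assigned company deliveries"
    on public.deliveries
    for select
    using (
        submission_id in (
            select s.id
            from public.submissions s
            join public.tasks t on t.id = s.task_id
            join public.projects p on p.id = t.project_id
            where has_company_access(p.company_id)
        )
    );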
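-- delivery_files: replace the single-company client read policy.
-- Old and new policy names are both dropped so the script can be run again.
drop policy if exists "Client reads company delivery_files" on public.delivery_files;
drop policy if exists "Client reads assigned company delivery_files" on public.delivery_files;

-- Read: files of deliveries whose delivery -> submission -> task -> project
-- chain ends at a company the caller can access. This block creates a select
-- policy only.
create policy "Client reads assigned company delivery_files"
    on public.delivery_files
    for select
    using (
        delivery_id in (
            select d.id
            from public.deliveries d
            join public.submissions s on s.id = d.submission_id
            join public.tasks t on t.id = s.task_id
            join public.projects p on p.id = t.project_id
            where has_company_access(p.company_id)
        )
    );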
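-- company_prices: replace the single-company client read policy.
-- Old and new policy names are both dropped so the script can be run again.
drop policy if exists "Client reads own company prices" on public.company_prices;
drop policy if exists "Client reads assigned company prices" on public.company_prices;

-- Read: price rows of any company the caller can access. This block creates a
-- select policy only.
create policy "Client reads assigned company prices"
    on public.company_prices
    for select
    using (has_company_access(company_id));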
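-- invoices: replace the single-company client read policy.
-- Old and new policy names are both dropped so the script can be run again.
drop policy if exists "Client reads company invoices" on public.invoices;
drop policy if exists "Client reads assigned company invoices" on public.invoices;

-- Read: invoices of any company the caller can access. This block creates a
-- select policy only.
create policy "Client reads assigned company invoices"
    on public.invoices
    for select
    using (has_company_access(company_id));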
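-- invoice_items: replace the single-company client read policy.
-- Old and new policy names are both dropped so the script can be run again.
drop policy if exists "Client reads company invoice_items" on public.invoice_items;
drop policy if exists "Client reads assigned company invoice_items" on public.invoice_items;

-- Read: items whose parent invoice belongs to a company the caller can access.
-- This block creates a select policy only.
create policy "Client reads assigned company invoice_items"
    on public.invoice_items
    for select
    using (
        invoice_id in (select id from public.invoices where has_company_access(company_id))
    );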