-- ============================================================
-- Fix: RLS addon_credits e addon_transactions
-- 1. SaaS Admin: acesso total
-- 2. Tenant members: SELECT nos seus créditos/transações
-- Agência PSI — 2026-03-22
-- ============================================================

-- addon_products: SaaS admins get full CRUD access.
-- FOR ALL applies the policy to SELECT, INSERT, UPDATE and DELETE. USING
-- decides which existing rows the caller may read or target; WITH CHECK
-- validates the rows the caller writes. Both require a row in
-- public.saas_admins whose user_id equals the caller's auth.uid().
-- NOTE(review): the subquery runs as the calling role. If public.saas_admins
-- has row level security of its own, the caller must be able to read their
-- own row there, otherwise this evaluates to false and access is denied.
-- NOTE(review): this file does not enable row level security on
-- public.addon_products; the policy has no effect until that is done
-- elsewhere - confirm.
DROP POLICY IF EXISTS "addon_products_admin_all"
    ON public.addon_products;

CREATE POLICY "addon_products_admin_all"
    ON public.addon_products
    FOR ALL
    TO authenticated
    USING (
        EXISTS (
            SELECT 1
            FROM public.saas_admins AS sa
            WHERE sa.user_id = auth.uid()
        )
    )
    WITH CHECK (
        EXISTS (
            SELECT 1
            FROM public.saas_admins AS sa
            WHERE sa.user_id = auth.uid()
        )
    );
-- addon_credits: SaaS admins can read every credit row.
-- The only condition is that the caller's auth.uid() appears in
-- public.saas_admins; no tenant filter is applied for admins.
-- NOTE(review): who may insert rows into public.saas_admins is not visible
-- in this file. That table is the real gate for cross-tenant reads - confirm
-- it is writable only by a trusted role.
DROP POLICY IF EXISTS "addon_credits_admin_select"
    ON public.addon_credits;

CREATE POLICY "addon_credits_admin_select"
    ON public.addon_credits
    FOR SELECT
    TO authenticated
    USING (
        EXISTS (
            SELECT 1
            FROM public.saas_admins AS sa
            WHERE sa.user_id = auth.uid()
        )
    );
-- addon_credits: SaaS admins can write credit rows.
-- USING gates the existing rows an admin may target and WITH CHECK gates the
-- resulting rows; both test membership in public.saas_admins.
-- NOTE(review): the policy is declared FOR ALL, so it is not limited to
-- INSERT and UPDATE: it also applies to SELECT and DELETE. That agrees with
-- the file header ("SaaS Admin: acesso total") but means admins can delete
-- credit rows, and it overlaps the addon_credits_admin_select policy defined
-- earlier in this file. Confirm DELETE is intended; if not, split this into
-- separate FOR INSERT and FOR UPDATE policies.
DROP POLICY IF EXISTS "addon_credits_admin_write"
    ON public.addon_credits;

CREATE POLICY "addon_credits_admin_write"
    ON public.addon_credits
    FOR ALL
    TO authenticated
    USING (
        EXISTS (
            SELECT 1
            FROM public.saas_admins AS sa
            WHERE sa.user_id = auth.uid()
        )
    )
    WITH CHECK (
        EXISTS (
            SELECT 1
            FROM public.saas_admins AS sa
            WHERE sa.user_id = auth.uid()
        )
    );
-- addon_transactions: SaaS admins can read every transaction row.
-- Visibility depends only on the caller's auth.uid() being present in
-- public.saas_admins; rows of all tenants are returned to admins.
-- NOTE(review): the membership subquery is evaluated as the calling role, so
-- any row level security on public.saas_admins also applies to it - confirm
-- admins can read their own row there.
DROP POLICY IF EXISTS "addon_transactions_admin_select"
    ON public.addon_transactions;

CREATE POLICY "addon_transactions_admin_select"
    ON public.addon_transactions
    FOR SELECT
    TO authenticated
    USING (
        EXISTS (
            SELECT 1
            FROM public.saas_admins AS sa
            WHERE sa.user_id = auth.uid()
        )
    );
-- addon_transactions: SaaS admins can insert transaction rows.
-- An INSERT policy has no USING clause; WITH CHECK is evaluated against the
-- new row and here only tests that the caller is listed in
-- public.saas_admins. The inserted tenant_id / owner_id values are not
-- constrained, so an admin can record a transaction for any tenant.
-- This file creates no UPDATE or DELETE policy on addon_transactions, so
-- through the policies defined here existing transactions cannot be changed
-- or removed by the authenticated role.
-- NOTE(review): policies defined outside this file could still allow it -
-- confirm if the table is meant to be append-only.
DROP POLICY IF EXISTS "addon_transactions_admin_insert"
    ON public.addon_transactions;

CREATE POLICY "addon_transactions_admin_insert"
    ON public.addon_transactions
    FOR INSERT
    TO authenticated
    WITH CHECK (
        EXISTS (
            SELECT 1
            FROM public.saas_admins AS sa
            WHERE sa.user_id = auth.uid()
        )
    );
-- ══════════════════════════════════════════════════════════════
-- Corrige policies de tenant members (SELECT)
-- A policy original usava tenant_id = auth.uid(), mas o auth.uid()
-- é o user_id, não o tenant_id. Usa is_tenant_member() em vez disso.
-- ══════════════════════════════════════════════════════════════

-- addon_credits: tenant members can read their own tenant's credits.
-- A row is visible when public.is_tenant_member(tenant_id) returns true for
-- the row's tenant, or when the row's owner_id equals the caller's
-- auth.uid(). No AS clause is given, so the policy is permissive and is
-- OR-ed with the other SELECT policies on this table.
-- NOTE(review): is_tenant_member() is defined outside this file. Tenant
-- isolation rests on it checking membership for auth.uid() only - confirm,
-- and confirm how it reads the membership table if that table has row level
-- security.
-- NOTE(review): because of the owner_id branch, a row stays visible to its
-- owner even when that user is no longer a member of the tenant - confirm
-- this is intended.
-- NOTE(review): the replacement relies on the earlier policy having this
-- exact name; a differently named old policy would not be dropped.
DROP POLICY IF EXISTS "addon_credits_select_own"
    ON public.addon_credits;

CREATE POLICY "addon_credits_select_own"
    ON public.addon_credits
    FOR SELECT
    TO authenticated
    USING (
        public.is_tenant_member(tenant_id)
        OR owner_id = auth.uid()
    );
-- addon_transactions: tenant members can read their own tenant's
-- transactions.
-- A row is visible when public.is_tenant_member(tenant_id) returns true for
-- the row's tenant, or when the row's owner_id equals the caller's
-- auth.uid(). The policy is permissive (no AS clause), so it is OR-ed with
-- the other SELECT policies on this table.
-- NOTE(review): is_tenant_member() is defined outside this file; confirm it
-- evaluates membership for auth.uid() only, since cross-tenant isolation of
-- transaction history depends on it.
-- NOTE(review): the owner_id branch keeps rows visible to their owner
-- regardless of current tenant membership - confirm this is intended.
DROP POLICY IF EXISTS "addon_transactions_select_own"
    ON public.addon_transactions;

CREATE POLICY "addon_transactions_select_own"
    ON public.addon_transactions
    FOR SELECT
    TO authenticated
    USING (
        public.is_tenant_member(tenant_id)
        OR owner_id = auth.uid()
    );