-- ============================================================
-- Fix: RLS notification_templates — acesso SaaS Admin
-- Admin precisa criar/editar/excluir templates globais (tenant_id IS NULL)
-- Agência PSI — 2026-03-22
-- ============================================================

-- SaaS Admin: full access (SELECT + INSERT + UPDATE + DELETE).
-- A caller qualifies when public.saas_admins holds a row for auth.uid().
-- The same predicate gates the rows the caller may touch (USING) and the
-- rows the caller may write (WITH CHECK).
-- NOTE(review): if RLS is enabled on public.saas_admins, this subquery only
-- sees rows the caller is allowed to read — confirm an admin can read their
-- own saas_admins row, otherwise the policy never matches.
-- NOTE(review): the policy has no effect unless row level security is
-- enabled on public.notification_templates; that statement is not in this file.
DROP POLICY IF EXISTS "notif_templates_admin_all"
    ON public.notification_templates;

CREATE POLICY "notif_templates_admin_all"
    ON public.notification_templates
    FOR ALL
    TO authenticated
    USING (
        EXISTS (
            SELECT 1
            FROM public.saas_admins AS sa
            WHERE sa.user_id = auth.uid()
        )
    )
    WITH CHECK (
        EXISTS (
            SELECT 1
            FROM public.saas_admins AS sa
            WHERE sa.user_id = auth.uid()
        )
    );

-- Tenant member: may read the global templates plus those of their tenant.
-- A row is readable when it is not soft-deleted and at least one holds:
--   * the caller is a member of the row's tenant,
--   * the caller owns the row,
--   * the row is a global default (no tenant, is_default set).
-- NOTE(review): policies on this table are created without AS RESTRICTIVE,
-- so they are combined with OR. The deleted_at filter below therefore does
-- not hide soft-deleted rows from callers who also match the FOR ALL policy
-- "notif_templates_write_owner" — confirm that is intended.
-- NOTE(review): the result of public.is_tenant_member(NULL) is not visible
-- from this file; verify it does not return true for global rows.
DROP POLICY IF EXISTS "notif_templates_read_global"
    ON public.notification_templates;

CREATE POLICY "notif_templates_read_global"
    ON public.notification_templates
    FOR SELECT
    TO authenticated
    USING (
        deleted_at IS NULL
        AND (
            public.is_tenant_member(tenant_id)
            OR owner_id = auth.uid()
            OR (tenant_id IS NULL AND is_default = true)
        )
    );

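-- Tenant member: may insert/update templates of their own tenant.
--
-- USING decides which existing rows the caller may touch: rows they own or
-- rows belonging to a tenant they are a member of.
--
-- WITH CHECK decides which rows the caller may write. owner_id and tenant_id
-- are both supplied by the caller, so "owner_id = auth.uid()" on its own does
-- not scope the row to the caller's tenant. Two extra guards keep written
-- rows inside the caller's tenant boundary:
--   * a non-NULL tenant_id must be a tenant the caller belongs to;
--   * a row without a tenant must not be flagged is_default, because
--     "notif_templates_read_global" exposes (tenant_id IS NULL AND is_default)
--     rows to every authenticated user. Global defaults stay writable through
--     "notif_templates_admin_all".
--
-- NOTE(review): FOR ALL also covers SELECT and DELETE, while the intent
-- stated above is insert/update. As written, owners and tenant members can
-- read soft-deleted rows (no deleted_at filter here) and hard-delete rows.
-- Left unchanged because narrowing it could break the soft-delete UPDATE
-- path; confirm the intended commands before splitting this policy.
DROP POLICY IF EXISTS "notif_templates_write_owner"
    ON public.notification_templates;

CREATE POLICY "notif_templates_write_owner"
    ON public.notification_templates
    FOR ALL
    TO authenticated
    USING (
        owner_id = auth.uid()
        OR public.is_tenant_member(tenant_id)
    )
    WITH CHECK (
        (
            owner_id = auth.uid()
            OR public.is_tenant_member(tenant_id)
        )
        -- a tenant-scoped row must target a tenant the caller belongs to
        AND (tenant_id IS NULL OR public.is_tenant_member(tenant_id))
        -- a tenant-less row must not become a global default
        AND (tenant_id IS NOT NULL OR is_default IS NOT TRUE)
    );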