Add comprehensive table grants for authenticated role
RLS policies define WHAT rows can be accessed, but GRANT statements control WHETHER a table can be accessed at all. This was causing 403 errors when authenticated users tried to access tables. Added grants for: - Core tables: members, membership_statuses, membership_types - Dues: dues_payments (SELECT) - Events: events, event_types, event_rsvps (full CRUD), event_rsvps_public - Documents: documents, document_categories, document_folders - Settings: app_settings (SELECT for public settings) - Email: email_logs (SELECT for own logs) - Preferences: user_notification_preferences (SELECT, INSERT, UPDATE) - Views: members_with_dues, events_with_counts Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
parent
fdd0bb1f7e
commit
dc0198dcad
|
|
@ -243,6 +243,12 @@ GRANT ALL ON public.membership_statuses TO service_role;
|
|||
GRANT ALL ON public.membership_types TO service_role;
|
||||
GRANT ALL ON public.members TO service_role;
|
||||
|
||||
-- Grant authenticated role read access to core tables (required for RLS to work)
|
||||
GRANT SELECT ON public.membership_statuses TO authenticated;
|
||||
GRANT SELECT ON public.membership_types TO authenticated;
|
||||
GRANT SELECT ON public.members TO authenticated;
|
||||
GRANT UPDATE ON public.members TO authenticated;
|
||||
|
||||
-- DUES PAYMENTS
|
||||
CREATE TABLE public.dues_payments (
|
||||
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
|
||||
|
|
@ -575,6 +581,9 @@ LEFT JOIN LATERAL (
|
|||
LIMIT 1
|
||||
) dp ON true;
|
||||
|
||||
-- Grant access to authenticated users
|
||||
GRANT SELECT ON public.members_with_dues TO authenticated;
|
||||
|
||||
-- Events with attendee counts
|
||||
CREATE VIEW public.events_with_counts AS
|
||||
SELECT
|
||||
|
|
@ -617,6 +626,39 @@ LEFT JOIN LATERAL (
|
|||
WHERE event_id = e.id
|
||||
) public_rsvps ON true;
|
||||
|
||||
-- Grant view access to authenticated users
|
||||
GRANT SELECT ON public.events_with_counts TO authenticated;
|
||||
|
||||
-- ============================================
|
||||
-- TABLE GRANTS FOR AUTHENTICATED ROLE
|
||||
-- ============================================
|
||||
-- These grants are required for RLS policies to work.
|
||||
-- RLS policies control WHAT rows can be accessed,
|
||||
-- but GRANT controls WHETHER the table can be accessed at all.
|
||||
|
||||
-- Core tables
|
||||
GRANT SELECT ON public.dues_payments TO authenticated;
|
||||
|
||||
-- Events
|
||||
GRANT SELECT ON public.events TO authenticated;
|
||||
GRANT SELECT ON public.event_types TO authenticated;
|
||||
GRANT SELECT, INSERT, UPDATE, DELETE ON public.event_rsvps TO authenticated;
|
||||
GRANT SELECT, INSERT ON public.event_rsvps_public TO authenticated;
|
||||
|
||||
-- Documents
|
||||
GRANT SELECT ON public.documents TO authenticated;
|
||||
GRANT SELECT ON public.document_categories TO authenticated;
|
||||
GRANT SELECT ON public.document_folders TO authenticated;
|
||||
|
||||
-- Settings (public settings viewable)
|
||||
GRANT SELECT ON public.app_settings TO authenticated;
|
||||
|
||||
-- Email logs (own logs viewable)
|
||||
GRANT SELECT ON public.email_logs TO authenticated;
|
||||
|
||||
-- Notification preferences
|
||||
GRANT SELECT, INSERT, UPDATE ON public.user_notification_preferences TO authenticated;
|
||||
|
||||
-- ROW LEVEL SECURITY
|
||||
|
||||
-- Enable RLS on all tables
|
||||
|
|
|
|||
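Review bot: The SELECT grants on the two views, `GRANT SELECT ON public.members_with_dues TO authenticated;` and `GRANT SELECT ON public.events_with_counts TO authenticated;`, are not covered by the row-level policies the new header comment relies on: in PostgreSQL a view is evaluated with its owner's privileges unless it is defined with `security_invoker`, so if the migration role owns these views (the `CREATE VIEW public.events_with_counts AS` line in the hunk shows no such option; the `members_with_dues` definition starts outside the hunk) every authenticated user can read every member's dues row through the view regardless of RLS on `members` and `dues_payments`. On PostgreSQL 15+ the fix is to make the views run as the caller, `ALTER VIEW public.members_with_dues SET (security_invoker = true);` and the same for `events_with_counts`, or otherwise to enforce the row filtering inside the view body and document that the view deliberately bypasses RLS. Separately, `GRANT UPDATE ON public.members TO authenticated;` in the first hunk is table-wide: the UPDATE policy limits which rows, but every column of `members` becomes writable, so a column-level grant such as `GRANT UPDATE (<self-editable columns>) ON public.members TO authenticated;` is worth considering if the table holds status or privilege columns that only the service role should change.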