diff --git a/deploy/init.sql b/deploy/init.sql index 9bc4d61..1e481ed 100644 --- a/deploy/init.sql +++ b/deploy/init.sql @@ -658,7 +658,7 @@ GRANT SELECT, INSERT, UPDATE, DELETE ON public.event_rsvps_public TO authenticat -- Documents (board/admin can manage via RLS) GRANT SELECT, INSERT, UPDATE, DELETE ON public.documents TO authenticated; GRANT SELECT ON public.document_categories TO authenticated; -GRANT SELECT, INSERT, UPDATE, DELETE ON public.document_folders TO authenticated; +-- Note: document_folders GRANT is in Migration 006 after table creation -- Settings (admin can manage, all authenticated can read) GRANT SELECT, INSERT, UPDATE, DELETE ON public.app_settings TO authenticated; @@ -667,8 +667,7 @@ GRANT SELECT, INSERT, UPDATE, DELETE ON public.app_settings TO authenticated; GRANT SELECT, UPDATE ON public.email_templates TO authenticated; GRANT SELECT ON public.email_logs TO authenticated; --- Notification preferences -GRANT SELECT, INSERT, UPDATE ON public.user_notification_preferences TO authenticated; +-- Note: user_notification_preferences GRANT is in Migration 004 after table creation -- ROW LEVEL SECURITY @@ -1078,6 +1077,10 @@ USING ( ) ); +-- Grant permissions on user_notification_preferences (table created above) +GRANT SELECT, INSERT, UPDATE ON public.user_notification_preferences TO authenticated; +GRANT ALL ON public.user_notification_preferences TO service_role; + CREATE OR REPLACE FUNCTION create_default_notification_preferences() RETURNS TRIGGER AS $$ BEGIN @@ -1185,6 +1188,10 @@ CREATE POLICY "Admin can delete folders" ON public.document_folders EXISTS (SELECT 1 FROM public.members WHERE id = auth.uid() AND role = 'admin') ); +-- Grant permissions on document_folders (table created above) +GRANT SELECT, INSERT, UPDATE, DELETE ON public.document_folders TO authenticated; +GRANT ALL ON public.document_folders TO service_role; + CREATE INDEX idx_document_folders_parent ON public.document_folders(parent_id); CREATE INDEX idx_documents_folder ON public.documents(folder_id);