From f81da356cc4cbfc01c019a7d9ffb83f33950cf15 Mon Sep 17 00:00:00 2001 From: Matt Date: Mon, 26 Jan 2026 16:52:07 +0100 Subject: [PATCH] Fix init.sql table grant ordering Move GRANT statements for document_folders and user_notification_preferences to after their respective CREATE TABLE statements. The grants were failing because they referenced tables that hadn't been created yet. Co-Authored-By: Claude Opus 4.5 --- deploy/init.sql | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/deploy/init.sql b/deploy/init.sql index 9bc4d61..1e481ed 100644 --- a/deploy/init.sql +++ b/deploy/init.sql @@ -658,7 +658,7 @@ GRANT SELECT, INSERT, UPDATE, DELETE ON public.event_rsvps_public TO authenticat -- Documents (board/admin can manage via RLS) GRANT SELECT, INSERT, UPDATE, DELETE ON public.documents TO authenticated; GRANT SELECT ON public.document_categories TO authenticated; -GRANT SELECT, INSERT, UPDATE, DELETE ON public.document_folders TO authenticated; +-- Note: document_folders GRANT is in Migration 006 after table creation -- Settings (admin can manage, all authenticated can read) GRANT SELECT, INSERT, UPDATE, DELETE ON public.app_settings TO authenticated; @@ -667,8 +667,7 @@ GRANT SELECT, INSERT, UPDATE, DELETE ON public.app_settings TO authenticated; GRANT SELECT, UPDATE ON public.email_templates TO authenticated; GRANT SELECT ON public.email_logs TO authenticated; --- Notification preferences -GRANT SELECT, INSERT, UPDATE ON public.user_notification_preferences TO authenticated; +-- Note: user_notification_preferences GRANT is in Migration 004 after table creation -- ROW LEVEL SECURITY @@ -1078,6 +1077,10 @@ USING ( ) ); +-- Grant permissions on user_notification_preferences (table created above) +GRANT SELECT, INSERT, UPDATE ON public.user_notification_preferences TO authenticated; +GRANT ALL ON public.user_notification_preferences TO service_role; + CREATE OR REPLACE FUNCTION create_default_notification_preferences() RETURNS TRIGGER AS $$ BEGIN @@ -1185,6 +1188,10 @@ CREATE POLICY "Admin can delete folders" ON public.document_folders EXISTS (SELECT 1 FROM public.members WHERE id = auth.uid() AND role = 'admin') ); +-- Grant permissions on document_folders (table created above) +GRANT SELECT, INSERT, UPDATE, DELETE ON public.document_folders TO authenticated; +GRANT ALL ON public.document_folders TO service_role; + CREATE INDEX idx_document_folders_parent ON public.document_folders(parent_id); CREATE INDEX idx_documents_folder ON public.documents(folder_id);