letsbe
/
monacousa-portal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix init.sql table grant ordering
Build and Push Docker Image / build (push) Successful in 2m49s Details 

Move GRANT statements for document_folders and user_notification_preferences
to after their respective CREATE TABLE statements. The grants were failing
because they referenced tables that hadn't been created yet.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Matt 2026-01-26 16:52:07 +01:00
parent 6be67e2329
commit f81da356cc
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
deploy/init.sql
View File

@ -658,7 +658,7 @@ GRANT SELECT, INSERT, UPDATE, DELETE ON public.event_rsvps_public TO authenticat
-- Documents (board/admin can manage via RLS)
GRANT SELECT, INSERT, UPDATE, DELETE ON public.documents TO authenticated;
GRANT SELECT ON public.document_categories TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.document_folders TO authenticated;
-- Note: document_folders GRANT is in Migration 006 after table creation
-- Settings (admin can manage, all authenticated can read)
GRANT SELECT, INSERT, UPDATE, DELETE ON public.app_settings TO authenticated;
@ -667,8 +667,7 @@ GRANT SELECT, INSERT, UPDATE, DELETE ON public.app_settings TO authenticated;
GRANT SELECT, UPDATE ON public.email_templates TO authenticated;
GRANT SELECT ON public.email_logs TO authenticated;
-- Notification preferences
GRANT SELECT, INSERT, UPDATE ON public.user_notification_preferences TO authenticated;
-- Note: user_notification_preferences GRANT is in Migration 004 after table creation
-- ROW LEVEL SECURITY
@ -1078,6 +1077,10 @@ USING (
)
);
-- Grant permissions on user_notification_preferences (table created above)
GRANT SELECT, INSERT, UPDATE ON public.user_notification_preferences TO authenticated;
GRANT ALL ON public.user_notification_preferences TO service_role;
CREATE OR REPLACE FUNCTION create_default_notification_preferences()
RETURNS TRIGGER AS $$
BEGIN
@ -1185,6 +1188,10 @@ CREATE POLICY "Admin can delete folders" ON public.document_folders
EXISTS (SELECT 1 FROM public.members WHERE id = auth.uid() AND role = 'admin')
);
-- Grant permissions on document_folders (table created above)
GRANT SELECT, INSERT, UPDATE, DELETE ON public.document_folders TO authenticated;
GRANT ALL ON public.document_folders TO service_role;
CREATE INDEX idx_document_folders_parent ON public.document_folders(parent_id);
CREATE INDEX idx_documents_folder ON public.documents(folder_id);