feat: mobile-first refactor for BottleDetails & RLS security/performance optimizations

This commit is contained in:
2025-12-26 23:58:35 +01:00
parent 20f7436e66
commit 20659567fd
9 changed files with 734 additions and 282 deletions

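--- a/rls_buddy_access.sql
+++ b/rls_buddy_access.sql
@@ -0,0 +1,75 @@
+-- ============================================
+-- Buddy Access Logic Migration
+-- Run AFTER rls_policy_performance_fixes.sql
+-- ============================================
+-- Adds read-only access for buddies to see sessions/tastings they participate in
+-- ============================================
+-- ============================================
+-- Fix: tasting_sessions - Add consolidated buddy read access
+-- ============================================
+-- Drop all previous policies for this table
+DROP POLICY IF EXISTS "tasting_sessions_policy" ON tasting_sessions;
+DROP POLICY IF EXISTS "tasting_sessions_owner_policy" ON tasting_sessions;
+DROP POLICY IF EXISTS "tasting_sessions_buddy_select_policy" ON tasting_sessions;
+-- Consolidated SELECT: owner OR participant
+CREATE POLICY "tasting_sessions_select_policy" ON tasting_sessions
+FOR SELECT USING (
+(SELECT auth.uid()) = user_id OR
+id IN (
+SELECT sp.session_id
+FROM session_participants sp
+JOIN buddies b ON b.id = sp.buddy_id
+WHERE b.buddy_profile_id = (SELECT auth.uid())
+)
+);
+-- Owner-only for other actions
+CREATE POLICY "tasting_sessions_insert_policy" ON tasting_sessions
+FOR INSERT WITH CHECK ((SELECT auth.uid()) = user_id);
+CREATE POLICY "tasting_sessions_update_policy" ON tasting_sessions
+FOR UPDATE USING ((SELECT auth.uid()) = user_id);
+CREATE POLICY "tasting_sessions_delete_policy" ON tasting_sessions
+FOR DELETE USING ((SELECT auth.uid()) = user_id);
+-- ============================================
+-- Fix: tastings - Add consolidated buddy read access
+-- ============================================
+-- Drop all previous policies for this table
+DROP POLICY IF EXISTS "tastings_policy" ON tastings;
+DROP POLICY IF EXISTS "tastings_owner_policy" ON tastings;
+DROP POLICY IF EXISTS "tastings_buddy_select_policy" ON tastings;
+-- Consolidated SELECT: owner OR tagged buddy
+CREATE POLICY "tastings_select_policy" ON tastings
+FOR SELECT USING (
+(SELECT auth.uid()) = user_id OR
+id IN (
+SELECT tb.tasting_id
+FROM tasting_buddies tb
+JOIN buddies b ON b.id = tb.buddy_id
+WHERE b.buddy_profile_id = (SELECT auth.uid())
+)
+);
+-- Owner-only for other actions
+CREATE POLICY "tastings_insert_policy" ON tastings
+FOR INSERT WITH CHECK ((SELECT auth.uid()) = user_id);
+CREATE POLICY "tastings_update_policy" ON tastings
+FOR UPDATE USING ((SELECT auth.uid()) = user_id);
+CREATE POLICY "tastings_delete_policy" ON tastings
+FOR DELETE USING ((SELECT auth.uid()) = user_id);
+-- ============================================
+-- Note: bottles stays owner-only for now
+-- The original logic was complex and could cause RLS recursion
+-- If you need buddies to see bottles, we can add it separately
+-- ============================================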
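Review bot: The buddy branch of `tasting_sessions_select_policy` (and likewise `tastings_select_policy`) grants read access on the strength of any `session_participants` row joined to any `buddies` row whose `buddy_profile_id` is the caller, without tying that `buddies` row to the session's owner, so the grant is only as trustworthy as the INSERT/UPDATE policies on `session_participants`, `tasting_buddies` and `buddies`, which this migration does not show. If `buddies` carries an owner column, correlating the subquery to the outer row, e.g. `AND b.user_id = tasting_sessions.user_id` inside the `WHERE`, would make the grant depend on the owner's own buddy list rather than on whoever can write a participant row. Note also that RLS on `session_participants` and `buddies` is evaluated inside this subquery as the calling user, so if those tables are owner-only the buddy path silently returns no rows; worth confirming with a test as the buddy user. Finally the script is not re-runnable: the `DROP POLICY IF EXISTS` lists omit the names this file creates, so a second run fails on `tasting_sessions_select_policy already exists` after the old policies are already gone; add `DROP POLICY IF EXISTS "tasting_sessions_select_policy" ON tasting_sessions;` (and the insert/update/delete and `tastings_*` equivalents) to the drop lists and wrap the file in `BEGIN; ... COMMIT;` so a failure leaves the tables with their previous policies.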