Fix Storage RLS, refactor AI analysis to Base64, and improve ScanAndTaste save flow
@@ -18,6 +18,7 @@ CREATE TABLE IF NOT EXISTS public.profiles (
|
||||
id UUID REFERENCES auth.users ON DELETE CASCADE PRIMARY KEY,
|
||||
username TEXT UNIQUE,
|
||||
avatar_url TEXT,
|
||||
deletion_requested_at TIMESTAMP WITH TIME ZONE,
|
||||
updated_at TIMESTAMP WITH TIME ZONE DEFAULT timezone('Europe/Berlin'::text, now())
|
||||
);
|
||||
|
||||
@@ -42,6 +43,7 @@ CREATE TABLE IF NOT EXISTS public.bottles (
|
||||
bottled_at TEXT,
|
||||
batch_info TEXT,
|
||||
suggested_tags TEXT[],
|
||||
suggested_custom_tags TEXT[],
|
||||
created_at TIMESTAMP WITH TIME ZONE DEFAULT timezone('Europe/Berlin'::text, now()),
|
||||
updated_at TIMESTAMP WITH TIME ZONE DEFAULT timezone('Europe/Berlin'::text, now())
|
||||
);
|
||||
@@ -85,6 +87,7 @@ CREATE TABLE IF NOT EXISTS public.tastings (
|
||||
palate_notes TEXT,
|
||||
finish_notes TEXT,
|
||||
audio_transcript_url TEXT,
|
||||
is_sample BOOLEAN DEFAULT false,
|
||||
tasted_at TIMESTAMP WITH TIME ZONE DEFAULT timezone('Europe/Berlin'::text, now()),
|
||||
created_at TIMESTAMP WITH TIME ZONE DEFAULT timezone('Europe/Berlin'::text, now())
|
||||
);
|
||||
@@ -325,6 +328,7 @@ ALTER TABLE public.tags ENABLE ROW LEVEL SECURITY;
|
||||
|
||||
-- Policies
|
||||
CREATE POLICY "profiles_select_policy" ON public.profiles FOR SELECT USING (auth.uid() = id OR EXISTS (SELECT 1 FROM public.admin_users WHERE user_id = auth.uid()));
|
||||
CREATE POLICY "profiles_insert_policy" ON public.profiles FOR INSERT WITH CHECK (auth.uid() = id);
|
||||
CREATE POLICY "profiles_update_policy" ON public.profiles FOR UPDATE USING (auth.uid() = id OR EXISTS (SELECT 1 FROM public.admin_users WHERE user_id = auth.uid()));
|
||||
|
||||
CREATE POLICY "bottles_select_policy" ON public.bottles FOR SELECT USING (
|
||||
@@ -385,3 +389,29 @@ INSERT INTO public.subscription_plans (name, display_name, monthly_credits, pric
|
||||
('silver', 'Silver', 100, 8.99, 'Best value for power users', 3),
|
||||
('gold', 'Gold', 250, 19.99, 'Unlimited searches for professionals', 4)
|
||||
ON CONFLICT (name) DO NOTHING;
|
||||
|
||||
-- ============================================
|
||||
-- 8. STORAGE POLICIES
|
||||
-- ============================================
|
||||
|
||||
-- Policies for 'bottles' bucket
|
||||
-- These policies use a folder structure where the first part is the user's ID: auth.uid()
|
||||
INSERT INTO storage.buckets (id, name, public)
|
||||
VALUES ('bottles', 'bottles', false)
|
||||
ON CONFLICT (id) DO NOTHING;
|
||||
|
||||
CREATE POLICY "Allow authenticated uploads" ON storage.objects
|
||||
FOR INSERT TO authenticated
|
||||
WITH CHECK (bucket_id = 'bottles' AND (storage.foldername(name))[1] = auth.uid()::text);
|
||||
|
||||
CREATE POLICY "Allow authenticated selects" ON storage.objects
|
||||
FOR SELECT TO authenticated
|
||||
USING (bucket_id = 'bottles');
|
||||
|
||||
CREATE POLICY "Allow authenticated updates" ON storage.objects
|
||||
FOR UPDATE TO authenticated
|
||||
USING (bucket_id = 'bottles' AND (storage.foldername(name))[1] = auth.uid()::text);
|
||||
|
||||
CREATE POLICY "Allow authenticated deletes" ON storage.objects
|
||||
FOR DELETE TO authenticated
|
||||
USING (bucket_id = 'bottles' AND (storage.foldername(name))[1] = auth.uid()::text);
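Review bot: The "Allow authenticated selects" policy checks only `bucket_id = 'bottles'`, so any signed-in user can read every object in the bucket, while the insert, update and delete policies next to it all restrict access to the caller's own top-level folder. The bucket is created with `public = false` and the comment above the policies describes a per-user folder layout, so this looks unintended; if it is, the SELECT policy should read `USING (bucket_id = 'bottles' AND (storage.foldername(name))[1] = auth.uid()::text);`. If cross-user reads are deliberate, a comment on the policy saying so would keep the next reviewer from treating it as an oversight. Separately, the four `CREATE POLICY` statements are not guarded the way the surrounding `IF NOT EXISTS` and `ON CONFLICT DO NOTHING` statements are, so re-running the script would presumably fail once the policies exist; a `DROP POLICY IF EXISTS ... ON storage.objects;` before each would keep the file re-runnable.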
|
||||
|
||||