chore: remove unused profile lock migration and admin_profile_service

This commit is contained in:
2026-02-18 18:13:10 +08:00
parent e3afd51410
commit 04fd874a48
18 changed files with 1471 additions and 220 deletions
@@ -0,0 +1,2 @@
alter table public.duty_schedules
add column if not exists reliever_ids uuid[] default '{}'::uuid[];
@@ -0,0 +1,42 @@
-- Enforce that team leaders and team members must be profiles with role = 'it_staff'
-- Function: validate_team_leader_is_it_staff
create or replace function public.validate_team_leader_is_it_staff()
returns trigger language plpgsql as $$
begin
if new.leader_id is not null then
perform 1 from public.profiles where id = new.leader_id and role = 'it_staff';
if not found then
raise exception 'team leader must have role "it_staff"';
end if;
end if;
return new;
end;
$$;
-- Trigger on teams
drop trigger if exists trig_validate_team_leader on public.teams;
create trigger trig_validate_team_leader
before insert or update on public.teams
for each row execute function public.validate_team_leader_is_it_staff();
-- Function: validate_team_member_is_it_staff
create or replace function public.validate_team_member_is_it_staff()
returns trigger language plpgsql as $$
begin
if new.user_id is not null then
perform 1 from public.profiles where id = new.user_id and role = 'it_staff';
if not found then
raise exception 'team member must have role "it_staff"';
end if;
end if;
return new;
end;
$$;
-- Trigger on team_members
drop trigger if exists trig_validate_team_member on public.team_members;
create trigger trig_validate_team_member
before insert or update on public.team_members
for each row execute function public.validate_team_member_is_it_staff();
@@ -0,0 +1,49 @@
-- Row-level security for teams and team_members
-- Enable RLS on teams and team_members
ALTER TABLE public.teams ENABLE ROW LEVEL SECURITY;
ALTER TABLE public.team_members ENABLE ROW LEVEL SECURITY;
-- Allow only profiles with role = 'admin' to select/manage teams
CREATE POLICY "Admins can manage teams (select)" ON public.teams
FOR SELECT
USING (
EXISTS (
SELECT 1 FROM public.profiles p WHERE p.id = auth.uid() AND p.role = 'admin'
)
);
CREATE POLICY "Admins can manage teams (write)" ON public.teams
FOR ALL
USING (
EXISTS (
SELECT 1 FROM public.profiles p WHERE p.id = auth.uid() AND p.role = 'admin'
)
)
WITH CHECK (
EXISTS (
SELECT 1 FROM public.profiles p WHERE p.id = auth.uid() AND p.role = 'admin'
)
);
-- Policies for team_members (admin-only management)
CREATE POLICY "Admins can manage team_members (select)" ON public.team_members
FOR SELECT
USING (
EXISTS (
SELECT 1 FROM public.profiles p WHERE p.id = auth.uid() AND p.role = 'admin'
)
);
CREATE POLICY "Admins can manage team_members (write)" ON public.team_members
FOR ALL
USING (
EXISTS (
SELECT 1 FROM public.profiles p WHERE p.id = auth.uid() AND p.role = 'admin'
)
)
WITH CHECK (
EXISTS (
SELECT 1 FROM public.profiles p WHERE p.id = auth.uid() AND p.role = 'admin'
)
);