Added programmer role and fixed snackbar not showing
This commit is contained in:
@@ -0,0 +1,117 @@
|
||||
-- Add `programmer` role to admin-level access checks without granting approval privileges.
|
||||
--
|
||||
-- NOTE: This role should have the same access as admins in the UI and for
|
||||
-- non-approval data access. However, it must NOT be able to approve/reject
|
||||
-- pass slips, leave applications, swap requests, etc.
|
||||
|
||||
-- NOTE: The `programmer` enum value is added in a prior migration so
|
||||
-- it can safely be used in RLS policies and other schema objects.
|
||||
|
||||
-- Teams: allow programmers to manage teams like admins.
|
||||
DROP POLICY IF EXISTS "Admins can manage teams (select)" ON public.teams;
|
||||
DROP POLICY IF EXISTS "Admins can manage teams (write)" ON public.teams;
|
||||
|
||||
CREATE POLICY "Admins can manage teams (select)" ON public.teams
|
||||
FOR SELECT
|
||||
USING (
|
||||
EXISTS (
|
||||
SELECT 1 FROM public.profiles p WHERE p.id = auth.uid() AND p.role IN ('admin', 'programmer')
|
||||
)
|
||||
);
|
||||
|
||||
CREATE POLICY "Admins can manage teams (write)" ON public.teams
|
||||
FOR ALL
|
||||
USING (
|
||||
EXISTS (
|
||||
SELECT 1 FROM public.profiles p WHERE p.id = auth.uid() AND p.role IN ('admin', 'programmer')
|
||||
)
|
||||
)
|
||||
WITH CHECK (
|
||||
EXISTS (
|
||||
SELECT 1 FROM public.profiles p WHERE p.id = auth.uid() AND p.role IN ('admin', 'programmer')
|
||||
)
|
||||
);
|
||||
|
||||
-- Team members: allow programmers to view/insert like admins.
|
||||
DROP POLICY IF EXISTS "Admins can manage team_members (select)" ON public.team_members;
|
||||
DROP POLICY IF EXISTS "Admins can manage team_members (write)" ON public.team_members;
|
||||
|
||||
CREATE POLICY "Admins can manage team_members (select)" ON public.team_members
|
||||
FOR SELECT
|
||||
USING (
|
||||
EXISTS (
|
||||
SELECT 1 FROM public.profiles p WHERE p.id = auth.uid() AND p.role IN ('admin', 'programmer')
|
||||
)
|
||||
);
|
||||
|
||||
CREATE POLICY "Admins can manage team_members (write)" ON public.team_members
|
||||
FOR ALL
|
||||
USING (
|
||||
EXISTS (
|
||||
SELECT 1 FROM public.profiles p WHERE p.id = auth.uid() AND p.role IN ('admin', 'programmer')
|
||||
)
|
||||
)
|
||||
WITH CHECK (
|
||||
EXISTS (
|
||||
SELECT 1 FROM public.profiles p WHERE p.id = auth.uid() AND p.role IN ('admin', 'programmer')
|
||||
)
|
||||
);
|
||||
|
||||
-- Pass slips: allow programmers to view all slips like admins/dispatchers.
|
||||
DROP POLICY IF EXISTS "pass_slips_select" ON pass_slips;
|
||||
CREATE POLICY "pass_slips_select" ON pass_slips FOR SELECT TO authenticated
|
||||
USING (
|
||||
user_id = auth.uid()
|
||||
OR EXISTS (
|
||||
SELECT 1 FROM profiles p WHERE p.id = auth.uid() AND p.role IN ('admin', 'dispatcher', 'programmer')
|
||||
)
|
||||
);
|
||||
|
||||
-- Leaves: allow programmers to view/file leaves like admins/dispatchers/it_staff.
|
||||
DROP POLICY IF EXISTS "Privileged users can view all leaves" ON leave_of_absence;
|
||||
CREATE POLICY "Privileged users can view all leaves"
|
||||
ON leave_of_absence FOR SELECT
|
||||
USING (
|
||||
EXISTS (
|
||||
SELECT 1 FROM profiles
|
||||
WHERE profiles.id = auth.uid()
|
||||
AND profiles.role IN ('admin', 'dispatcher', 'it_staff', 'programmer')
|
||||
)
|
||||
);
|
||||
|
||||
DROP POLICY IF EXISTS "Privileged users can file own leaves" ON leave_of_absence;
|
||||
CREATE POLICY "Privileged users can file own leaves"
|
||||
ON leave_of_absence FOR INSERT
|
||||
WITH CHECK (
|
||||
user_id = auth.uid()
|
||||
AND filed_by = auth.uid()
|
||||
AND EXISTS (
|
||||
SELECT 1 FROM profiles
|
||||
WHERE profiles.id = auth.uid()
|
||||
AND profiles.role IN ('admin', 'dispatcher', 'it_staff', 'programmer')
|
||||
)
|
||||
);
|
||||
|
||||
-- Swap request participants: allow programmers to view/insert participant rows.
|
||||
DROP POLICY IF EXISTS "Swap participants: select" ON public.swap_request_participants;
|
||||
CREATE POLICY "Swap participants: select" ON public.swap_request_participants
|
||||
FOR SELECT
|
||||
USING (
|
||||
user_id = auth.uid()
|
||||
OR EXISTS (
|
||||
SELECT 1 FROM public.profiles p WHERE p.id = auth.uid() AND p.role IN ('admin', 'dispatcher', 'programmer')
|
||||
)
|
||||
OR EXISTS (
|
||||
SELECT 1 FROM public.swap_requests s WHERE s.id = swap_request_id AND (s.requester_id = auth.uid() OR s.recipient_id = auth.uid())
|
||||
)
|
||||
);
|
||||
|
||||
DROP POLICY IF EXISTS "Swap participants: insert" ON public.swap_request_participants;
|
||||
CREATE POLICY "Swap participants: insert" ON public.swap_request_participants
|
||||
FOR INSERT
|
||||
WITH CHECK (
|
||||
user_id = auth.uid()
|
||||
OR EXISTS (
|
||||
SELECT 1 FROM public.profiles p WHERE p.id = auth.uid() AND p.role IN ('admin', 'dispatcher', 'programmer')
|
||||
)
|
||||
);
|
||||
Reference in New Issue
Block a user