Added migration non admin read only service table

2026-02-23 18:26:25 +08:00 · 2026-02-23 18:26:25 +08:00 · 9a0cf7a89d
commit 9a0cf7a89d
parent 3f9f576b33
1 changed files with 30 additions and 0 deletions
--- a/supabase/migrations/20260223090000_services_read_only_for_standard_it_dispatcher.sql
+++ b/supabase/migrations/20260223090000_services_read_only_for_standard_it_dispatcher.sql
@ -0,0 +1,30 @@
+-- Make `services` list read-only for `standard`, `it_staff`, and `dispatcher` roles.
+-- Only `admin` may create/update/delete services.
+
+ALTER TABLE public.services ENABLE ROW LEVEL SECURITY;
+
+-- SELECT: allow read for standard, it_staff, dispatcher and admin
+DROP POLICY IF EXISTS "Services: select" ON public.services;
+CREATE POLICY "Services: select" ON public.services
+  FOR SELECT
+  USING (
+    EXISTS (
+      SELECT 1 FROM public.profiles p
+      WHERE p.id = auth.uid() AND p.role IN ('standard', 'it_staff', 'dispatcher', 'admin')
+    )
+  );
+
+-- WRITE (INSERT/UPDATE/DELETE): only admins may modify services
+DROP POLICY IF EXISTS "Services: admin manage" ON public.services;
+CREATE POLICY "Services: admin manage" ON public.services
+  FOR ALL
+  USING (
+    EXISTS (
+      SELECT 1 FROM public.profiles p WHERE p.id = auth.uid() AND p.role = 'admin'
+    )
+  )
+  WITH CHECK (
+    EXISTS (
+      SELECT 1 FROM public.profiles p WHERE p.id = auth.uid() AND p.role = 'admin'
+    )
+  );