Fixed migrations

This commit is contained in:
2026-03-01 19:12:13 +08:00
parent 830c99a3ff
commit b9153a070f
3 changed files with 46 additions and 42 deletions
@@ -1,36 +1,31 @@
-- Ensure authenticated users can insert into task_activity_logs
-- Idempotent: drops and re-creates a permissive INSERT policy for `authenticated`.
DO $$
BEGIN
-- Ensure table exists
IF NOT EXISTS (SELECT 1 FROM information_schema.tables WHERE table_name='task_activity_logs') THEN
-- 1. Ensure table exists
IF NOT EXISTS (
SELECT 1 FROM information_schema.tables
WHERE table_schema = 'public' AND table_name = 'task_activity_logs'
) THEN
RAISE NOTICE 'table task_activity_logs does not exist; skipping policy creation';
RETURN;
END IF;
-- Enable row level security (idempotent)
-- 2. Enable row level security (idempotent)
EXECUTE 'ALTER TABLE IF EXISTS public.task_activity_logs ENABLE ROW LEVEL SECURITY';
-- Drop any existing permissive insert policy we manage
IF EXISTS (
SELECT 1 FROM pg_policies
WHERE polname = 'allow_auth_inserts_all'
AND polrelid = 'public.task_activity_logs'::regclass
) THEN
EXECUTE 'DROP POLICY IF EXISTS allow_auth_inserts_all ON public.task_activity_logs';
END IF;
-- 3. Drop existing policies to ensure idempotency
-- (PostgreSQL handles IF EXISTS perfectly here, no need for complex catalog queries)
EXECUTE 'DROP POLICY IF EXISTS allow_auth_inserts_all ON public.task_activity_logs';
EXECUTE 'DROP POLICY IF EXISTS allow_service_role_all ON public.task_activity_logs';
-- Create a permissive INSERT policy for authenticated users
EXECUTE 'CREATE POLICY allow_auth_inserts_all ON public.task_activity_logs FOR INSERT TO authenticated USING (true) WITH CHECK (true)';
-- 4. Create a permissive INSERT policy for authenticated users
-- (Removed USING clause, as FOR INSERT only accepts WITH CHECK)
EXECUTE 'CREATE POLICY allow_auth_inserts_all ON public.task_activity_logs
FOR INSERT TO authenticated WITH CHECK (true)';
-- 5. Create a permissive ALL policy for the service_role
-- (Corrected TO clause from 'authenticated' to 'service_role')
EXECUTE 'CREATE POLICY allow_service_role_all ON public.task_activity_logs
FOR ALL TO service_role USING (true) WITH CHECK (true)';
-- Also allow the service_role for function-based inserts (optional)
IF NOT EXISTS (
SELECT 1 FROM pg_policies
WHERE polname = 'allow_service_role_all'
AND polrelid = 'public.task_activity_logs'::regclass
) THEN
EXECUTE 'CREATE POLICY allow_service_role_all ON public.task_activity_logs FOR ALL TO authenticated USING (true) WITH CHECK (true)';
END IF;
END
$$;
$$;