Fixed migrations

supabase/migrations/20260225120000_add_device_id_to_fcm_tokens.sql

@@ -1,19 +1,22 @@
--- add device_id column to fcm_tokens and a unique constraint on (user_id, device_id)
+-- Add device_id column to fcm_tokens
-
 alter table if exists public.fcm_tokens
   add column if not exists device_id text;
 
--- create a unique index so upsert can update the row for the same device
+-- Create a unique index so upsert can update the row for the same device
 create unique index if not exists fcm_tokens_user_device_idx
   on public.fcm_tokens(user_id, device_id);
 
--- ensure device_id is protected by RLS policies: allow users to insert/update/delete their device rows
+-- Drop policies if they exist to prevent duplication errors
--- (these policies assume RLS is already enabled on the table)
+drop policy if exists "Allow users insert their device tokens" on public.fcm_tokens;
-create policy if not exists "Allow users insert their device tokens" on public.fcm_tokens
+drop policy if exists "Allow users delete their device tokens" on public.fcm_tokens;
+drop policy if exists "Allow users update their device tokens" on public.fcm_tokens;
+
+-- Recreate the RLS policies
+create policy "Allow users insert their device tokens" on public.fcm_tokens
   for insert with check (auth.uid() = user_id);
 
-create policy if not exists "Allow users delete their device tokens" on public.fcm_tokens
+create policy "Allow users delete their device tokens" on public.fcm_tokens
   for delete using (auth.uid() = user_id);
 
-create policy if not exists "Allow users update their device tokens" on public.fcm_tokens
+create policy "Allow users update their device tokens" on public.fcm_tokens
-  for update using (auth.uid() = user_id) with check (auth.uid() = user_id);
+  for update using (auth.uid() = user_id) with check (auth.uid() = user_id);

supabase/migrations/20260228190000_allow_task_activity_logs_authenticated_inserts.sql

@@ -1,36 +1,31 @@
--- Ensure authenticated users can insert into task_activity_logs
--- Idempotent: drops and re-creates a permissive INSERT policy for `authenticated`.
-
 DO $$
 BEGIN
-  -- Ensure table exists
+  -- 1. Ensure table exists
-  IF NOT EXISTS (SELECT 1 FROM information_schema.tables WHERE table_name='task_activity_logs') THEN
+  IF NOT EXISTS (
+    SELECT 1 FROM information_schema.tables 
+    WHERE table_schema = 'public' AND table_name = 'task_activity_logs'
+  ) THEN
     RAISE NOTICE 'table task_activity_logs does not exist; skipping policy creation';
     RETURN;
   END IF;
 
-  -- Enable row level security (idempotent)
+  -- 2. Enable row level security (idempotent)
   EXECUTE 'ALTER TABLE IF EXISTS public.task_activity_logs ENABLE ROW LEVEL SECURITY';
 
-  -- Drop any existing permissive insert policy we manage
+  -- 3. Drop existing policies to ensure idempotency
-  IF EXISTS (
+  -- (PostgreSQL handles IF EXISTS perfectly here, no need for complex catalog queries)
-    SELECT 1 FROM pg_policies
+  EXECUTE 'DROP POLICY IF EXISTS allow_auth_inserts_all ON public.task_activity_logs';
-    WHERE polname = 'allow_auth_inserts_all'
+  EXECUTE 'DROP POLICY IF EXISTS allow_service_role_all ON public.task_activity_logs';
-      AND polrelid = 'public.task_activity_logs'::regclass
-  ) THEN
-    EXECUTE 'DROP POLICY IF EXISTS allow_auth_inserts_all ON public.task_activity_logs';
-  END IF;
 
-  -- Create a permissive INSERT policy for authenticated users
+  -- 4. Create a permissive INSERT policy for authenticated users
-  EXECUTE 'CREATE POLICY allow_auth_inserts_all ON public.task_activity_logs FOR INSERT TO authenticated USING (true) WITH CHECK (true)';
+  -- (Removed USING clause, as FOR INSERT only accepts WITH CHECK)
+  EXECUTE 'CREATE POLICY allow_auth_inserts_all ON public.task_activity_logs 
+           FOR INSERT TO authenticated WITH CHECK (true)';
+
+  -- 5. Create a permissive ALL policy for the service_role
+  -- (Corrected TO clause from 'authenticated' to 'service_role')
+  EXECUTE 'CREATE POLICY allow_service_role_all ON public.task_activity_logs 
+           FOR ALL TO service_role USING (true) WITH CHECK (true)';
 
-  -- Also allow the service_role for function-based inserts (optional)
-  IF NOT EXISTS (
-    SELECT 1 FROM pg_policies
-    WHERE polname = 'allow_service_role_all'
-      AND polrelid = 'public.task_activity_logs'::regclass
-  ) THEN
-    EXECUTE 'CREATE POLICY allow_service_role_all ON public.task_activity_logs FOR ALL TO authenticated USING (true) WITH CHECK (true)';
-  END IF;
 END
-$$;
+$$;

supabase/migrations/20260228191000_fix_task_activity_logs_policy.sql

@@ -1,15 +1,21 @@
--- Recreate a permissive INSERT policy for authenticated users on task_activity_logs
--- Idempotent: drops existing policy and recreates it.
-
 DO $$
 BEGIN
-  IF EXISTS (SELECT 1 FROM information_schema.tables WHERE table_name='task_activity_logs') THEN
+  -- Check specifically in the 'public' schema
-    -- enable RLS (idempotent)
+  IF EXISTS (
+    SELECT 1 FROM information_schema.tables 
+    WHERE table_schema = 'public' AND table_name = 'task_activity_logs'
+  ) THEN
+  
+    -- Enable RLS (idempotent)
     EXECUTE 'ALTER TABLE IF EXISTS public.task_activity_logs ENABLE ROW LEVEL SECURITY';
 
-    -- drop any old policy and recreate permissive insert policy for authenticated role
+    -- Drop any old policy and recreate permissive insert policy for authenticated role
     EXECUTE 'DROP POLICY IF EXISTS allow_authenticated_inserts ON public.task_activity_logs';
-    EXECUTE 'CREATE POLICY allow_authenticated_inserts ON public.task_activity_logs FOR INSERT TO authenticated USING (true) WITH CHECK (true)';
+    
+    -- CREATE POLICY for INSERT strictly uses WITH CHECK
+    EXECUTE 'CREATE POLICY allow_authenticated_inserts ON public.task_activity_logs 
+             FOR INSERT TO authenticated WITH CHECK (true)';
+             
   END IF;
 END
-$$;
+$$;