-- Row-level security for teams and team_members
-- Turn on row-level security for both tables. Once enabled, rows are reachable
-- only through a matching policy; with no matching policy, access is denied.
-- NOTE(review): ENABLE does not cover the table owner or roles with BYPASSRLS;
-- FORCE ROW LEVEL SECURITY is needed if the owner must be subject to it too.
ALTER TABLE public.teams
    ENABLE ROW LEVEL SECURITY;
ALTER TABLE public.team_members
    ENABLE ROW LEVEL SECURITY;
-- Read access to public.teams is limited to callers whose own row in
-- public.profiles carries role = 'admin'.
-- NOTE(review): the check trusts public.profiles.role, so it is only as strong
-- as the write controls on public.profiles (not shown here); confirm that a
-- non-admin cannot change their own role.
-- NOTE(review): the subquery runs with the caller's privileges; if
-- public.profiles has RLS enabled, the caller must be able to read their own
-- profile row or this check fails closed.
-- NOTE(review): no TO clause, so the policy is evaluated for every role.
CREATE POLICY "Admins can manage teams (select)"
    ON public.teams
    FOR SELECT
    USING (
        EXISTS (
            SELECT 1
            FROM public.profiles AS prof
            WHERE prof.role = 'admin'
              AND prof.id = auth.uid()
        )
    );
-- Admin-only management of public.teams. Despite the "(write)" label, FOR ALL
-- covers SELECT as well as INSERT, UPDATE and DELETE.
--   USING      : which existing rows the caller may see or act on.
--   WITH CHECK : which new or updated rows the caller may store.
-- Both use the same test: the caller's own profile row has role = 'admin'.
-- NOTE(review): the test trusts public.profiles.role; confirm that column is
-- not writable by the user it describes (public.profiles is not shown here).
CREATE POLICY "Admins can manage teams (write)"
    ON public.teams
    FOR ALL
    USING (
        EXISTS (
            SELECT 1
            FROM public.profiles AS prof
            WHERE prof.role = 'admin'
              AND prof.id = auth.uid()
        )
    )
    WITH CHECK (
        EXISTS (
            SELECT 1
            FROM public.profiles AS prof
            WHERE prof.role = 'admin'
              AND prof.id = auth.uid()
        )
    );
-- Read access to public.team_members is limited to callers whose own row in
-- public.profiles carries role = 'admin'. As written, a non-admin member
-- cannot read any membership rows, including their own.
-- NOTE(review): the check trusts public.profiles.role, so it is only as strong
-- as the write controls on public.profiles (not shown here).
-- NOTE(review): no TO clause, so the policy is evaluated for every role.
CREATE POLICY "Admins can manage team_members (select)"
    ON public.team_members
    FOR SELECT
    USING (
        EXISTS (
            SELECT 1
            FROM public.profiles AS prof
            WHERE prof.role = 'admin'
              AND prof.id = auth.uid()
        )
    );
-- Admin-only management of public.team_members. Despite the "(write)" label,
-- FOR ALL covers SELECT as well as INSERT, UPDATE and DELETE.
--   USING      : which existing rows the caller may see or act on.
--   WITH CHECK : which new or updated rows the caller may store.
-- Both use the same test: the caller's own profile row has role = 'admin'.
-- NOTE(review): the test trusts public.profiles.role; confirm that column is
-- not writable by the user it describes (public.profiles is not shown here).
CREATE POLICY "Admins can manage team_members (write)"
    ON public.team_members
    FOR ALL
    USING (
        EXISTS (
            SELECT 1
            FROM public.profiles AS prof
            WHERE prof.role = 'admin'
              AND prof.id = auth.uid()
        )
    )
    WITH CHECK (
        EXISTS (
            SELECT 1
            FROM public.profiles AS prof
            WHERE prof.role = 'admin'
              AND prof.id = auth.uid()
        )
    );