42 lines
1.9 KiB
SQL
42 lines
1.9 KiB
SQL
-- ───────────────────────────────────────────────────────────
|
|
-- Fix storage policies:
|
|
-- 1. Add missing UPDATE policy for face-enrollment (needed for upsert)
|
|
-- 2. Remove recursive profiles subqueries from SELECT policies
|
|
-- ───────────────────────────────────────────────────────────
|
|
|
|
-- face-enrollment: allow users to UPDATE (overwrite) their own face photo
|
|
DROP POLICY IF EXISTS "Users can update own face" ON storage.objects;
|
|
CREATE POLICY "Users can update own face"
|
|
ON storage.objects FOR UPDATE
|
|
USING (
|
|
bucket_id = 'face-enrollment'
|
|
AND (storage.foldername(name))[1] = auth.uid()::text
|
|
);
|
|
|
|
-- face-enrollment: fix SELECT to remove recursive profiles subquery
|
|
DROP POLICY IF EXISTS "Users can view own face" ON storage.objects;
|
|
CREATE POLICY "Users can view own face"
|
|
ON storage.objects FOR SELECT
|
|
USING (
|
|
bucket_id = 'face-enrollment'
|
|
AND (storage.foldername(name))[1] = auth.uid()::text
|
|
);
|
|
|
|
-- attendance-verification: allow users to UPDATE (overwrite) their own photo
|
|
DROP POLICY IF EXISTS "Users can update verification photo" ON storage.objects;
|
|
CREATE POLICY "Users can update verification photo"
|
|
ON storage.objects FOR UPDATE
|
|
USING (
|
|
bucket_id = 'attendance-verification'
|
|
AND (storage.foldername(name))[1] = auth.uid()::text
|
|
);
|
|
|
|
-- attendance-verification: fix SELECT to remove recursive profiles subquery
|
|
DROP POLICY IF EXISTS "Users and admins can view verification photos" ON storage.objects;
|
|
CREATE POLICY "Users and admins can view verification photos"
|
|
ON storage.objects FOR SELECT
|
|
USING (
|
|
bucket_id = 'attendance-verification'
|
|
AND (storage.foldername(name))[1] = auth.uid()::text
|
|
);
|