-- RLS policies for swap_request_participants
-- Participants, swap owners and admins/dispatchers may view participant rows;
-- users may insert their own row, and admins/dispatchers may insert any row
-- Turn on row level security: roles that are subject to RLS can then only read
-- or write the rows that some policy on this table permits.
ALTER TABLE public.swap_request_participants
    ENABLE ROW LEVEL SECURITY;
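-- SELECT: a row is visible to the participant it names, to admins/dispatchers,
-- and to the requester or recipient of the swap request it belongs to.
-- The role branch trusts public.profiles.role. Both subqueries normally run as
-- the calling user, so their result also depends on whatever policies exist on
-- public.profiles and public.swap_requests.
-- NOTE(review): confirm users cannot change their own profiles.role, and that
-- no policy on swap_requests reads this table back (Postgres rejects policies
-- that recurse into each other).
DROP POLICY IF EXISTS "Swap participants: select" ON public.swap_request_participants;
CREATE POLICY "Swap participants: select" ON public.swap_request_participants
    FOR SELECT
    USING (
        user_id = auth.uid()
        OR EXISTS (
            SELECT 1
            FROM public.profiles AS p
            WHERE p.id = auth.uid()
              AND p.role IN ('admin', 'dispatcher')
        )
        OR EXISTS (
            SELECT 1
            FROM public.swap_requests AS s
            -- Qualified so the reference always binds to this table's column,
            -- never to a same-named column of swap_requests.
            WHERE s.id = swap_request_participants.swap_request_id
              AND (s.requester_id = auth.uid() OR s.recipient_id = auth.uid())
        )
    );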
-- INSERT: a new row is accepted when it names the caller as the participant,
-- or when the caller's profile role is admin or dispatcher.
-- NOTE(review): the self-insert branch checks only user_id; nothing here ties
-- swap_request_id to a swap the caller is entitled to join, so any caller who
-- can reach this table can add themselves to any swap request. If participant
-- membership is used for access decisions elsewhere, confirm this is intended
-- or constrain swap_request_id in this check.
DROP POLICY IF EXISTS "Swap participants: insert" ON public.swap_request_participants;
CREATE POLICY "Swap participants: insert" ON public.swap_request_participants
    FOR INSERT
    WITH CHECK (
        user_id = auth.uid()
        OR EXISTS (
            SELECT 1
            FROM public.profiles AS p
            WHERE p.id = auth.uid()
              AND p.role IN ('admin', 'dispatcher')
        )
    );
-- Admin management: FOR ALL makes this policy apply to every command, not only
-- UPDATE and DELETE. It is the only policy shown here that permits UPDATE or
-- DELETE, so those commands are limited to callers whose profile role is
-- 'admin'; dispatchers are not included.
-- USING filters the existing rows an admin may touch; WITH CHECK applies the
-- same role test to the rows being written.
-- NOTE(review): the check trusts public.profiles.role; confirm that column
-- cannot be modified by the user it describes.
DROP POLICY IF EXISTS "Swap participants: admin manage" ON public.swap_request_participants;
CREATE POLICY "Swap participants: admin manage" ON public.swap_request_participants
    FOR ALL
    USING (
        EXISTS (
            SELECT 1
            FROM public.profiles AS p
            WHERE p.id = auth.uid()
              AND p.role = 'admin'
        )
    )
    WITH CHECK (
        EXISTS (
            SELECT 1
            FROM public.profiles AS p
            WHERE p.id = auth.uid()
              AND p.role = 'admin'
        )
    );