fix(RLS): more secure

associationlicencebiomad · Nov 14, 2023 · ed8e2bb · ed8e2bb · vercel · Nov 14, 2023
1 parent 0373cbb
commit ed8e2bb
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 4 deletions.
diff --git a/supabase/migrations/20230130134804_merged_migrations_before_supabaseCLI.sql b/supabase/migrations/20230130134804_merged_migrations_before_supabaseCLI.sql
@@ -30,7 +30,7 @@ CREATE EXTENSION IF NOT EXISTS "pgsodium" WITH SCHEMA "pgsodium";
 -- *not* creating schema, since initdb creates it
 
 
-ALTER SCHEMA "public" OWNER TO "postgres";
+-- ALTER SCHEMA "public" OWNER TO "postgres";
 
 --
 -- Name: pg_graphql; Type: EXTENSION; Schema: -; Owner: -
@@ -118,7 +118,7 @@ CREATE FUNCTION "public"."get_professors_ranking"("param_user_id" "uuid" DEFAULT
 		  end;$$;
 
 
-ALTER FUNCTION "public"."get_professors_ranking"("param_user_id" "uuid") OWNER TO "postgres";
+-- ALTER FUNCTION "public"."get_professors_ranking"("param_user_id" "uuid") OWNER TO "postgres";
 
 --
 -- Name: handle_new_user(); Type: FUNCTION; Schema: public; Owner: postgres
@@ -159,8 +159,6 @@ END;
 $$;
 
 
-ALTER FUNCTION "public"."trigger_set_timestamp"() OWNER TO "supabase_admin";
-
 --
 -- Name: fr; Type: TEXT SEARCH CONFIGURATION; Schema: public; Owner: postgres
 --

diff --git a/supabase/migrations/20231114082321_addRLS.sql b/supabase/migrations/20231114082321_addRLS.sql
@@ -0,0 +1,29 @@
+-- add rls for godparents
+create policy "godparents publicly visible" on "public"."godparents" for all using (true) with check (true);
+create policy "user can edit godparents" on "public"."godparents" for update using (auth.uid() = "user_id");
+alter table "public"."godparents" enable row level security;
+
+-- add rls for memberships
+create policy "memberships is restricted to user" on "public"."memberships" for all using (auth.uid() = "user_id");
+alter table "public"."memberships" enable row level security;
+
+-- add rls for migrations
+create policy "migrations is private" on "public"."migrations" for all using (false);
+
+-- add rls for professors
+create policy "professors is visible to authenticated users" on "public"."professors" for all using (auth.uid() is not null);
+create policy "professors isn't editable" on "public"."professors" for update using (false);
+alter table "public"."professors" enable row level security;
+
+-- add rls for professors_ranking
+create policy "professors_ranking is visible to authenticated users" on "public"."professors_ranking" for all using (auth.uid() is not null);
+create policy "professors_ranking is modifiable by owner" on "public"."professors_ranking" for update using (auth.uid() = "user_id");
+alter table "public"."professors_ranking" enable row level security;
+
+-- add rls for promos
+drop policy if exists "Promos are viewable by everyone." on "public"."promos";
+create policy "promos is readable by everyone" on "public"."promos" for all using (true);
+create policy "promos isn't editable" on "public"."promos" for update using (false);
+alter table "public"."promos" enable row level security;
+
+