Spaces:
Sleeping
Sleeping
Merge branch 'main' of https://huggingface.co/spaces/gaurv007/ClauseGuard
Browse files- web/lib/supabase/admin-schema.sql +0 -47
- web/lib/supabase/schema.sql +58 -28
web/lib/supabase/admin-schema.sql
DELETED
|
@@ -1,47 +0,0 @@
|
|
| 1 |
-
-- ClauseGuard β Admin Schema Extension
|
| 2 |
-
-- Run AFTER the main schema.sql
|
| 3 |
-
|
| 4 |
-
-- Add role column to profiles
|
| 5 |
-
ALTER TABLE public.profiles ADD COLUMN IF NOT EXISTS role TEXT DEFAULT 'user' CHECK (role IN ('user', 'admin'));
|
| 6 |
-
|
| 7 |
-
-- Add is_banned column
|
| 8 |
-
ALTER TABLE public.profiles ADD COLUMN IF NOT EXISTS is_banned BOOLEAN DEFAULT false;
|
| 9 |
-
|
| 10 |
-
-- Set admin
|
| 11 |
-
UPDATE public.profiles SET role = 'admin' WHERE email = 'ankygaur9972@gmail.com';
|
| 12 |
-
|
| 13 |
-
-- Activity log
|
| 14 |
-
CREATE TABLE IF NOT EXISTS public.admin_logs (
|
| 15 |
-
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
|
| 16 |
-
admin_id UUID REFERENCES auth.users NOT NULL,
|
| 17 |
-
action TEXT NOT NULL,
|
| 18 |
-
target_type TEXT, -- 'user', 'team', 'scan', 'api_key', 'rule'
|
| 19 |
-
target_id TEXT,
|
| 20 |
-
details JSONB,
|
| 21 |
-
created_at TIMESTAMPTZ DEFAULT NOW()
|
| 22 |
-
);
|
| 23 |
-
|
| 24 |
-
CREATE INDEX IF NOT EXISTS idx_admin_logs_created ON public.admin_logs(created_at DESC);
|
| 25 |
-
|
| 26 |
-
-- Admin RLS: admins can read all tables
|
| 27 |
-
CREATE POLICY "Admins can read all profiles" ON public.profiles FOR SELECT
|
| 28 |
-
USING (auth.uid() IN (SELECT id FROM public.profiles WHERE role = 'admin'));
|
| 29 |
-
|
| 30 |
-
CREATE POLICY "Admins can update all profiles" ON public.profiles FOR UPDATE
|
| 31 |
-
USING (auth.uid() IN (SELECT id FROM public.profiles WHERE role = 'admin'));
|
| 32 |
-
|
| 33 |
-
CREATE POLICY "Admins can read all analyses" ON public.analyses FOR SELECT
|
| 34 |
-
USING (auth.uid() IN (SELECT id FROM public.profiles WHERE role = 'admin'));
|
| 35 |
-
|
| 36 |
-
CREATE POLICY "Admins can read all teams" ON public.teams FOR SELECT
|
| 37 |
-
USING (auth.uid() IN (SELECT id FROM public.profiles WHERE role = 'admin'));
|
| 38 |
-
|
| 39 |
-
CREATE POLICY "Admins can read all api_keys" ON public.api_keys FOR SELECT
|
| 40 |
-
USING (auth.uid() IN (SELECT id FROM public.profiles WHERE role = 'admin'));
|
| 41 |
-
|
| 42 |
-
CREATE POLICY "Admins can read all custom_rules" ON public.custom_rules FOR SELECT
|
| 43 |
-
USING (auth.uid() IN (SELECT id FROM public.profiles WHERE role = 'admin'));
|
| 44 |
-
|
| 45 |
-
ALTER TABLE public.admin_logs ENABLE ROW LEVEL SECURITY;
|
| 46 |
-
CREATE POLICY "Admins can manage logs" ON public.admin_logs FOR ALL
|
| 47 |
-
USING (auth.uid() IN (SELECT id FROM public.profiles WHERE role = 'admin'));
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
web/lib/supabase/schema.sql
CHANGED
|
@@ -1,6 +1,18 @@
|
|
| 1 |
-
-- ClauseGuard β Full Database Schema
|
|
|
|
| 2 |
|
| 3 |
-
-- βββ
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4 |
CREATE TABLE IF NOT EXISTS public.profiles (
|
| 5 |
id UUID REFERENCES auth.users ON DELETE CASCADE PRIMARY KEY,
|
| 6 |
email TEXT,
|
|
@@ -8,6 +20,8 @@ CREATE TABLE IF NOT EXISTS public.profiles (
|
|
| 8 |
avatar_url TEXT,
|
| 9 |
razorpay_subscription_id TEXT,
|
| 10 |
plan TEXT DEFAULT 'free' CHECK (plan IN ('free', 'pro', 'team')),
|
|
|
|
|
|
|
| 11 |
team_id UUID REFERENCES public.teams(id) ON DELETE SET NULL,
|
| 12 |
analyses_this_month INT DEFAULT 0,
|
| 13 |
monthly_reset_at TIMESTAMPTZ DEFAULT date_trunc('month', NOW()),
|
|
@@ -15,17 +29,7 @@ CREATE TABLE IF NOT EXISTS public.profiles (
|
|
| 15 |
updated_at TIMESTAMPTZ DEFAULT NOW()
|
| 16 |
);
|
| 17 |
|
| 18 |
-
-- βββ
|
| 19 |
-
CREATE TABLE IF NOT EXISTS public.teams (
|
| 20 |
-
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
|
| 21 |
-
name TEXT NOT NULL,
|
| 22 |
-
owner_id UUID REFERENCES auth.users NOT NULL,
|
| 23 |
-
plan TEXT DEFAULT 'team',
|
| 24 |
-
max_seats INT DEFAULT 5,
|
| 25 |
-
razorpay_subscription_id TEXT,
|
| 26 |
-
created_at TIMESTAMPTZ DEFAULT NOW()
|
| 27 |
-
);
|
| 28 |
-
|
| 29 |
CREATE TABLE IF NOT EXISTS public.team_invites (
|
| 30 |
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
|
| 31 |
team_id UUID REFERENCES public.teams ON DELETE CASCADE NOT NULL,
|
|
@@ -38,7 +42,7 @@ CREATE TABLE IF NOT EXISTS public.team_invites (
|
|
| 38 |
UNIQUE(team_id, email)
|
| 39 |
);
|
| 40 |
|
| 41 |
-
-- βββ Analyses βββ
|
| 42 |
CREATE TABLE IF NOT EXISTS public.analyses (
|
| 43 |
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
|
| 44 |
user_id UUID REFERENCES public.profiles ON DELETE CASCADE NOT NULL,
|
|
@@ -53,36 +57,47 @@ CREATE TABLE IF NOT EXISTS public.analyses (
|
|
| 53 |
created_at TIMESTAMPTZ DEFAULT NOW()
|
| 54 |
);
|
| 55 |
|
| 56 |
-
-- βββ API Keys βββ
|
| 57 |
CREATE TABLE IF NOT EXISTS public.api_keys (
|
| 58 |
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
|
| 59 |
user_id UUID REFERENCES public.profiles ON DELETE CASCADE NOT NULL,
|
| 60 |
team_id UUID REFERENCES public.teams ON DELETE CASCADE,
|
| 61 |
name TEXT NOT NULL,
|
| 62 |
key_hash TEXT NOT NULL UNIQUE,
|
| 63 |
-
key_prefix TEXT NOT NULL,
|
| 64 |
calls_this_month INT DEFAULT 0,
|
| 65 |
-
calls_limit INT DEFAULT 1000,
|
| 66 |
last_used_at TIMESTAMPTZ,
|
| 67 |
is_active BOOLEAN DEFAULT true,
|
| 68 |
created_at TIMESTAMPTZ DEFAULT NOW()
|
| 69 |
);
|
| 70 |
|
| 71 |
-
-- βββ Custom Clause Rules βββ
|
| 72 |
CREATE TABLE IF NOT EXISTS public.custom_rules (
|
| 73 |
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
|
| 74 |
user_id UUID REFERENCES public.profiles ON DELETE CASCADE,
|
| 75 |
team_id UUID REFERENCES public.teams ON DELETE CASCADE,
|
| 76 |
name TEXT NOT NULL,
|
| 77 |
description TEXT,
|
| 78 |
-
pattern TEXT NOT NULL,
|
| 79 |
severity TEXT DEFAULT 'MEDIUM' CHECK (severity IN ('HIGH', 'MEDIUM', 'LOW')),
|
| 80 |
-
category TEXT NOT NULL,
|
| 81 |
is_active BOOLEAN DEFAULT true,
|
| 82 |
created_at TIMESTAMPTZ DEFAULT NOW(),
|
| 83 |
updated_at TIMESTAMPTZ DEFAULT NOW()
|
| 84 |
);
|
| 85 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 86 |
-- βββ Indexes βββ
|
| 87 |
CREATE INDEX IF NOT EXISTS idx_analyses_user_id ON public.analyses(user_id);
|
| 88 |
CREATE INDEX IF NOT EXISTS idx_analyses_team_id ON public.analyses(team_id);
|
|
@@ -92,6 +107,7 @@ CREATE INDEX IF NOT EXISTS idx_api_keys_user_id ON public.api_keys(user_id);
|
|
| 92 |
CREATE INDEX IF NOT EXISTS idx_team_invites_email ON public.team_invites(email);
|
| 93 |
CREATE INDEX IF NOT EXISTS idx_custom_rules_user_id ON public.custom_rules(user_id);
|
| 94 |
CREATE INDEX IF NOT EXISTS idx_custom_rules_team_id ON public.custom_rules(team_id);
|
|
|
|
| 95 |
|
| 96 |
-- βββ Row Level Security βββ
|
| 97 |
ALTER TABLE public.profiles ENABLE ROW LEVEL SECURITY;
|
|
@@ -100,37 +116,47 @@ ALTER TABLE public.teams ENABLE ROW LEVEL SECURITY;
|
|
| 100 |
ALTER TABLE public.team_invites ENABLE ROW LEVEL SECURITY;
|
| 101 |
ALTER TABLE public.api_keys ENABLE ROW LEVEL SECURITY;
|
| 102 |
ALTER TABLE public.custom_rules ENABLE ROW LEVEL SECURITY;
|
|
|
|
| 103 |
|
| 104 |
-- Profiles
|
| 105 |
CREATE POLICY "Users see own profile" ON public.profiles FOR SELECT USING (auth.uid() = id);
|
| 106 |
CREATE POLICY "Users update own profile" ON public.profiles FOR UPDATE USING (auth.uid() = id);
|
|
|
|
|
|
|
| 107 |
|
| 108 |
-
-- Analyses
|
| 109 |
CREATE POLICY "Users see own analyses" ON public.analyses FOR SELECT
|
| 110 |
USING (auth.uid() = user_id OR team_id IN (SELECT team_id FROM public.profiles WHERE id = auth.uid()));
|
| 111 |
CREATE POLICY "Users insert analyses" ON public.analyses FOR INSERT WITH CHECK (auth.uid() = user_id);
|
| 112 |
CREATE POLICY "Users delete own analyses" ON public.analyses FOR DELETE USING (auth.uid() = user_id);
|
|
|
|
| 113 |
|
| 114 |
-
-- Teams
|
| 115 |
CREATE POLICY "Team members can view" ON public.teams FOR SELECT
|
| 116 |
USING (id IN (SELECT team_id FROM public.profiles WHERE id = auth.uid()) OR owner_id = auth.uid());
|
| 117 |
CREATE POLICY "Owner can update team" ON public.teams FOR UPDATE USING (owner_id = auth.uid());
|
|
|
|
| 118 |
|
| 119 |
-
-- Team invites
|
| 120 |
CREATE POLICY "Members see team invites" ON public.team_invites FOR SELECT
|
| 121 |
USING (team_id IN (SELECT team_id FROM public.profiles WHERE id = auth.uid()));
|
| 122 |
-
CREATE POLICY "
|
| 123 |
-
WITH CHECK (invited_by = auth.uid());
|
| 124 |
|
| 125 |
-
-- API Keys
|
| 126 |
CREATE POLICY "Users see own API keys" ON public.api_keys FOR SELECT
|
| 127 |
USING (user_id = auth.uid() OR team_id IN (SELECT team_id FROM public.profiles WHERE id = auth.uid()));
|
| 128 |
CREATE POLICY "Users manage own API keys" ON public.api_keys FOR ALL USING (user_id = auth.uid());
|
|
|
|
| 129 |
|
| 130 |
-
-- Custom Rules
|
| 131 |
CREATE POLICY "Users see own rules" ON public.custom_rules FOR SELECT
|
| 132 |
USING (user_id = auth.uid() OR team_id IN (SELECT team_id FROM public.profiles WHERE id = auth.uid()));
|
| 133 |
CREATE POLICY "Users manage own rules" ON public.custom_rules FOR ALL USING (user_id = auth.uid());
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 134 |
|
| 135 |
-- βββ Auto-create profile on signup βββ
|
| 136 |
CREATE OR REPLACE FUNCTION public.handle_new_user()
|
|
@@ -151,7 +177,11 @@ CREATE TRIGGER on_auth_user_created
|
|
| 151 |
AFTER INSERT ON auth.users
|
| 152 |
FOR EACH ROW EXECUTE FUNCTION public.handle_new_user();
|
| 153 |
|
| 154 |
-
-- βββ
|
|
|
|
|
|
|
|
|
|
|
|
|
| 155 |
CREATE OR REPLACE FUNCTION public.reset_monthly_usage()
|
| 156 |
RETURNS void AS $$
|
| 157 |
BEGIN
|
|
|
|
| 1 |
+
-- ClauseGuard β Full Database Schema
|
| 2 |
+
-- Tables ordered by dependency (no forward references)
|
| 3 |
|
| 4 |
+
-- βββ 1. Teams (no dependencies) βββ
|
| 5 |
+
CREATE TABLE IF NOT EXISTS public.teams (
|
| 6 |
+
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
|
| 7 |
+
name TEXT NOT NULL,
|
| 8 |
+
owner_id UUID REFERENCES auth.users NOT NULL,
|
| 9 |
+
plan TEXT DEFAULT 'team',
|
| 10 |
+
max_seats INT DEFAULT 5,
|
| 11 |
+
razorpay_subscription_id TEXT,
|
| 12 |
+
created_at TIMESTAMPTZ DEFAULT NOW()
|
| 13 |
+
);
|
| 14 |
+
|
| 15 |
+
-- βββ 2. Profiles (depends on teams) βββ
|
| 16 |
CREATE TABLE IF NOT EXISTS public.profiles (
|
| 17 |
id UUID REFERENCES auth.users ON DELETE CASCADE PRIMARY KEY,
|
| 18 |
email TEXT,
|
|
|
|
| 20 |
avatar_url TEXT,
|
| 21 |
razorpay_subscription_id TEXT,
|
| 22 |
plan TEXT DEFAULT 'free' CHECK (plan IN ('free', 'pro', 'team')),
|
| 23 |
+
role TEXT DEFAULT 'user' CHECK (role IN ('user', 'admin')),
|
| 24 |
+
is_banned BOOLEAN DEFAULT false,
|
| 25 |
team_id UUID REFERENCES public.teams(id) ON DELETE SET NULL,
|
| 26 |
analyses_this_month INT DEFAULT 0,
|
| 27 |
monthly_reset_at TIMESTAMPTZ DEFAULT date_trunc('month', NOW()),
|
|
|
|
| 29 |
updated_at TIMESTAMPTZ DEFAULT NOW()
|
| 30 |
);
|
| 31 |
|
| 32 |
+
-- βββ 3. Team Invites (depends on teams) βββ
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 33 |
CREATE TABLE IF NOT EXISTS public.team_invites (
|
| 34 |
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
|
| 35 |
team_id UUID REFERENCES public.teams ON DELETE CASCADE NOT NULL,
|
|
|
|
| 42 |
UNIQUE(team_id, email)
|
| 43 |
);
|
| 44 |
|
| 45 |
+
-- βββ 4. Analyses (depends on profiles, teams) βββ
|
| 46 |
CREATE TABLE IF NOT EXISTS public.analyses (
|
| 47 |
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
|
| 48 |
user_id UUID REFERENCES public.profiles ON DELETE CASCADE NOT NULL,
|
|
|
|
| 57 |
created_at TIMESTAMPTZ DEFAULT NOW()
|
| 58 |
);
|
| 59 |
|
| 60 |
+
-- βββ 5. API Keys (depends on profiles, teams) βββ
|
| 61 |
CREATE TABLE IF NOT EXISTS public.api_keys (
|
| 62 |
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
|
| 63 |
user_id UUID REFERENCES public.profiles ON DELETE CASCADE NOT NULL,
|
| 64 |
team_id UUID REFERENCES public.teams ON DELETE CASCADE,
|
| 65 |
name TEXT NOT NULL,
|
| 66 |
key_hash TEXT NOT NULL UNIQUE,
|
| 67 |
+
key_prefix TEXT NOT NULL,
|
| 68 |
calls_this_month INT DEFAULT 0,
|
| 69 |
+
calls_limit INT DEFAULT 1000,
|
| 70 |
last_used_at TIMESTAMPTZ,
|
| 71 |
is_active BOOLEAN DEFAULT true,
|
| 72 |
created_at TIMESTAMPTZ DEFAULT NOW()
|
| 73 |
);
|
| 74 |
|
| 75 |
+
-- βββ 6. Custom Clause Rules (depends on profiles, teams) βββ
|
| 76 |
CREATE TABLE IF NOT EXISTS public.custom_rules (
|
| 77 |
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
|
| 78 |
user_id UUID REFERENCES public.profiles ON DELETE CASCADE,
|
| 79 |
team_id UUID REFERENCES public.teams ON DELETE CASCADE,
|
| 80 |
name TEXT NOT NULL,
|
| 81 |
description TEXT,
|
| 82 |
+
pattern TEXT NOT NULL,
|
| 83 |
severity TEXT DEFAULT 'MEDIUM' CHECK (severity IN ('HIGH', 'MEDIUM', 'LOW')),
|
| 84 |
+
category TEXT NOT NULL,
|
| 85 |
is_active BOOLEAN DEFAULT true,
|
| 86 |
created_at TIMESTAMPTZ DEFAULT NOW(),
|
| 87 |
updated_at TIMESTAMPTZ DEFAULT NOW()
|
| 88 |
);
|
| 89 |
|
| 90 |
+
-- βββ 7. Admin Logs βββ
|
| 91 |
+
CREATE TABLE IF NOT EXISTS public.admin_logs (
|
| 92 |
+
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
|
| 93 |
+
admin_id UUID REFERENCES auth.users NOT NULL,
|
| 94 |
+
action TEXT NOT NULL,
|
| 95 |
+
target_type TEXT,
|
| 96 |
+
target_id TEXT,
|
| 97 |
+
details JSONB,
|
| 98 |
+
created_at TIMESTAMPTZ DEFAULT NOW()
|
| 99 |
+
);
|
| 100 |
+
|
| 101 |
-- βββ Indexes βββ
|
| 102 |
CREATE INDEX IF NOT EXISTS idx_analyses_user_id ON public.analyses(user_id);
|
| 103 |
CREATE INDEX IF NOT EXISTS idx_analyses_team_id ON public.analyses(team_id);
|
|
|
|
| 107 |
CREATE INDEX IF NOT EXISTS idx_team_invites_email ON public.team_invites(email);
|
| 108 |
CREATE INDEX IF NOT EXISTS idx_custom_rules_user_id ON public.custom_rules(user_id);
|
| 109 |
CREATE INDEX IF NOT EXISTS idx_custom_rules_team_id ON public.custom_rules(team_id);
|
| 110 |
+
CREATE INDEX IF NOT EXISTS idx_admin_logs_created ON public.admin_logs(created_at DESC);
|
| 111 |
|
| 112 |
-- βββ Row Level Security βββ
|
| 113 |
ALTER TABLE public.profiles ENABLE ROW LEVEL SECURITY;
|
|
|
|
| 116 |
ALTER TABLE public.team_invites ENABLE ROW LEVEL SECURITY;
|
| 117 |
ALTER TABLE public.api_keys ENABLE ROW LEVEL SECURITY;
|
| 118 |
ALTER TABLE public.custom_rules ENABLE ROW LEVEL SECURITY;
|
| 119 |
+
ALTER TABLE public.admin_logs ENABLE ROW LEVEL SECURITY;
|
| 120 |
|
| 121 |
-- Profiles
|
| 122 |
CREATE POLICY "Users see own profile" ON public.profiles FOR SELECT USING (auth.uid() = id);
|
| 123 |
CREATE POLICY "Users update own profile" ON public.profiles FOR UPDATE USING (auth.uid() = id);
|
| 124 |
+
CREATE POLICY "Admins read all profiles" ON public.profiles FOR SELECT USING (auth.uid() IN (SELECT id FROM public.profiles WHERE role = 'admin'));
|
| 125 |
+
CREATE POLICY "Admins update all profiles" ON public.profiles FOR UPDATE USING (auth.uid() IN (SELECT id FROM public.profiles WHERE role = 'admin'));
|
| 126 |
|
| 127 |
+
-- Analyses
|
| 128 |
CREATE POLICY "Users see own analyses" ON public.analyses FOR SELECT
|
| 129 |
USING (auth.uid() = user_id OR team_id IN (SELECT team_id FROM public.profiles WHERE id = auth.uid()));
|
| 130 |
CREATE POLICY "Users insert analyses" ON public.analyses FOR INSERT WITH CHECK (auth.uid() = user_id);
|
| 131 |
CREATE POLICY "Users delete own analyses" ON public.analyses FOR DELETE USING (auth.uid() = user_id);
|
| 132 |
+
CREATE POLICY "Admins read all analyses" ON public.analyses FOR SELECT USING (auth.uid() IN (SELECT id FROM public.profiles WHERE role = 'admin'));
|
| 133 |
|
| 134 |
+
-- Teams
|
| 135 |
CREATE POLICY "Team members can view" ON public.teams FOR SELECT
|
| 136 |
USING (id IN (SELECT team_id FROM public.profiles WHERE id = auth.uid()) OR owner_id = auth.uid());
|
| 137 |
CREATE POLICY "Owner can update team" ON public.teams FOR UPDATE USING (owner_id = auth.uid());
|
| 138 |
+
CREATE POLICY "Admins read all teams" ON public.teams FOR SELECT USING (auth.uid() IN (SELECT id FROM public.profiles WHERE role = 'admin'));
|
| 139 |
|
| 140 |
+
-- Team invites
|
| 141 |
CREATE POLICY "Members see team invites" ON public.team_invites FOR SELECT
|
| 142 |
USING (team_id IN (SELECT team_id FROM public.profiles WHERE id = auth.uid()));
|
| 143 |
+
CREATE POLICY "Users can invite" ON public.team_invites FOR INSERT WITH CHECK (invited_by = auth.uid());
|
|
|
|
| 144 |
|
| 145 |
+
-- API Keys
|
| 146 |
CREATE POLICY "Users see own API keys" ON public.api_keys FOR SELECT
|
| 147 |
USING (user_id = auth.uid() OR team_id IN (SELECT team_id FROM public.profiles WHERE id = auth.uid()));
|
| 148 |
CREATE POLICY "Users manage own API keys" ON public.api_keys FOR ALL USING (user_id = auth.uid());
|
| 149 |
+
CREATE POLICY "Admins read all api_keys" ON public.api_keys FOR SELECT USING (auth.uid() IN (SELECT id FROM public.profiles WHERE role = 'admin'));
|
| 150 |
|
| 151 |
+
-- Custom Rules
|
| 152 |
CREATE POLICY "Users see own rules" ON public.custom_rules FOR SELECT
|
| 153 |
USING (user_id = auth.uid() OR team_id IN (SELECT team_id FROM public.profiles WHERE id = auth.uid()));
|
| 154 |
CREATE POLICY "Users manage own rules" ON public.custom_rules FOR ALL USING (user_id = auth.uid());
|
| 155 |
+
CREATE POLICY "Admins read all rules" ON public.custom_rules FOR SELECT USING (auth.uid() IN (SELECT id FROM public.profiles WHERE role = 'admin'));
|
| 156 |
+
|
| 157 |
+
-- Admin Logs
|
| 158 |
+
CREATE POLICY "Admins manage logs" ON public.admin_logs FOR ALL
|
| 159 |
+
USING (auth.uid() IN (SELECT id FROM public.profiles WHERE role = 'admin'));
|
| 160 |
|
| 161 |
-- βββ Auto-create profile on signup βββ
|
| 162 |
CREATE OR REPLACE FUNCTION public.handle_new_user()
|
|
|
|
| 177 |
AFTER INSERT ON auth.users
|
| 178 |
FOR EACH ROW EXECUTE FUNCTION public.handle_new_user();
|
| 179 |
|
| 180 |
+
-- βββ Set admin βββ
|
| 181 |
+
-- Run this AFTER your first signup with ankygaur9972@gmail.com:
|
| 182 |
+
-- UPDATE public.profiles SET role = 'admin' WHERE email = 'ankygaur9972@gmail.com';
|
| 183 |
+
|
| 184 |
+
-- βββ Monthly reset function βββ
|
| 185 |
CREATE OR REPLACE FUNCTION public.reset_monthly_usage()
|
| 186 |
RETURNS void AS $$
|
| 187 |
BEGIN
|