fix(supabase): remove invalid public.partners reference in migration
All checks were successful
Staging Build / build (push) Successful in 2m39s
All checks were successful
Staging Build / build (push) Successful in 2m39s
This commit is contained in:
10
.brain/adr-log.md
Normal file
10
.brain/adr-log.md
Normal file
@@ -0,0 +1,10 @@
|
||||
# Architecture Decision Records (ADR) Log
|
||||
|
||||
## ADR-001: RLS-Policies und Schema-Fix
|
||||
- **Status**: Accepted
|
||||
- **Date**: 2026-07-06
|
||||
- **Context**: RLS-Sicherheitsprüfung ergab Sicherheitsrisiken und einen Syntaxfehler durch den Verweis auf die nicht existierende Tabelle `public.partners`.
|
||||
- **Decision**:
|
||||
- Die ungültige RLS-Policy auf `public.partners` wurde entfernt.
|
||||
- `public.companies` wird stattdessen korrekt durch `Admin manage companies` geschützt.
|
||||
- **Consequences**: Behebt Migrations-Fehler im Staging-Server, CI/CD-Pipeline baut wieder fehlerfrei.
|
||||
4
.brain/index.md
Normal file
4
.brain/index.md
Normal file
@@ -0,0 +1,4 @@
|
||||
# Second Brain Wiki
|
||||
|
||||
- [Supabase Schema](file:///c:/source/webshop/.brain/supabase-schema.md)
|
||||
- [ADR Log](file:///c:/source/webshop/.brain/adr-log.md)
|
||||
48
.brain/supabase-schema.md
Normal file
48
.brain/supabase-schema.md
Normal file
@@ -0,0 +1,48 @@
|
||||
# Supabase Schema
|
||||
|
||||
## `companies` (Unternehmen)
|
||||
- Repräsentiert die Partner-Unternehmen (Retailer).
|
||||
- `id` (UUID, Primary Key)
|
||||
- `name` (TEXT)
|
||||
- `street`, `zip`, `city`, `email` (Adressdaten)
|
||||
|
||||
## `users` (Systembenutzer)
|
||||
- Erweitert die Authentifizierungsdaten aus `auth.users`.
|
||||
- `id` (UUID, References `auth.users(id)`)
|
||||
- `role` (TEXT, standardmäßig `'partner'`, oder `'admin'`)
|
||||
- `company_id` (UUID, References `public.companies(id)`)
|
||||
|
||||
## `profiles` (Benutzerprofile)
|
||||
- Stammdaten der einzelnen Benutzer.
|
||||
- `id` (UUID, References `auth.users(id)`)
|
||||
- `first_name`, `last_name`, `email` etc.
|
||||
|
||||
## `end_customers` (Endkunden)
|
||||
- `id` (UUID, Primary Key)
|
||||
- `partner_id` (UUID, References `public.companies(id)`)
|
||||
- `company_name` (TEXT)
|
||||
- `first_name`, `last_name`, `street`, `zip`, `city`, `email`
|
||||
- `bank_iban`, `bank_bic`, `bank_name`, `bank_owner`
|
||||
- `is_anonymized` (BOOLEAN)
|
||||
|
||||
## `products` (Katalogprodukte)
|
||||
- `id`, `name`, `base_price`, `tax_rate`, `billing_interval` (`one_time` / `monthly`).
|
||||
- `requirements` (UUID[])
|
||||
- `exclusions` (UUID[])
|
||||
|
||||
## `product_modules` (Zusatzmodule)
|
||||
- `id`, `product_id` (References `products`), `name`, `price`, `has_quantity` (BOOLEAN).
|
||||
- `requirements` (UUID[])
|
||||
- `exclusions` (UUID[])
|
||||
|
||||
## `orders` (Bestellungen / Anfragen)
|
||||
- `id` (UUID, Primary Key)
|
||||
- `user_id` (UUID, References `auth.users(id)`)
|
||||
- `order_number` (TEXT)
|
||||
- `order_hash` (TEXT)
|
||||
- `end_customer_id` (UUID, References `end_customers(id)`)
|
||||
- `total_price` (DECIMAL)
|
||||
- `customer_data` (JSONB)
|
||||
- `order_data` (JSONB)
|
||||
- `pdf_url` (TEXT)
|
||||
- `status` (TEXT)
|
||||
@@ -73,18 +73,12 @@ CREATE POLICY "Admin write settings" ON public.settings FOR ALL
|
||||
-- ═══════════════════════════════════════════════════════════════════════════════
|
||||
|
||||
DROP POLICY IF EXISTS "Service role kann alles Unternehmen" ON public.companies;
|
||||
DROP POLICY IF EXISTS "Service role kann alles Partner" ON public.partners;
|
||||
|
||||
-- Admin-only write access for companies
|
||||
CREATE POLICY "Admin manage companies" ON public.companies FOR ALL
|
||||
USING ((SELECT role FROM public.users WHERE id = auth.uid()) = 'admin')
|
||||
WITH CHECK ((SELECT role FROM public.users WHERE id = auth.uid()) = 'admin');
|
||||
|
||||
-- Admin-only write access for partners
|
||||
CREATE POLICY "Admin manage partners" ON public.partners FOR ALL
|
||||
USING ((SELECT role FROM public.users WHERE id = auth.uid()) = 'admin')
|
||||
WITH CHECK ((SELECT role FROM public.users WHERE id = auth.uid()) = 'admin');
|
||||
|
||||
-- ═══════════════════════════════════════════════════════════════════════════════
|
||||
-- 6. Orders: Add INSERT policy with company_id check
|
||||
-- ═══════════════════════════════════════════════════════════════════════════════
|
||||
|
||||
Reference in New Issue
Block a user