From 3a7308349407e555f04fabca62567e7218b185d5 Mon Sep 17 00:00:00 2001 From: DanielS Date: Mon, 6 Jul 2026 22:57:18 +0200 Subject: [PATCH] fix(supabase): remove invalid public.partners reference in migration --- .brain/adr-log.md | 10 ++++ .brain/index.md | 4 ++ .brain/supabase-schema.md | 48 +++++++++++++++++++ ...260706220000_fix_critical_rls_policies.sql | 6 --- 4 files changed, 62 insertions(+), 6 deletions(-) create mode 100644 .brain/adr-log.md create mode 100644 .brain/index.md create mode 100644 .brain/supabase-schema.md diff --git a/.brain/adr-log.md b/.brain/adr-log.md new file mode 100644 index 0000000..1c3578f --- /dev/null +++ b/.brain/adr-log.md @@ -0,0 +1,10 @@ +# Architecture Decision Records (ADR) Log + +## ADR-001: RLS-Policies und Schema-Fix +- **Status**: Accepted +- **Date**: 2026-07-06 +- **Context**: RLS-Sicherheitsprüfung ergab Sicherheitsrisiken und einen Syntaxfehler durch den Verweis auf die nicht existierende Tabelle `public.partners`. +- **Decision**: + - Die ungültige RLS-Policy auf `public.partners` wurde entfernt. + - `public.companies` wird stattdessen korrekt durch `Admin manage companies` geschützt. +- **Consequences**: Behebt Migrations-Fehler im Staging-Server, CI/CD-Pipeline baut wieder fehlerfrei. diff --git a/.brain/index.md b/.brain/index.md new file mode 100644 index 0000000..172a6ec --- /dev/null +++ b/.brain/index.md @@ -0,0 +1,4 @@ +# Second Brain Wiki + +- [Supabase Schema](file:///c:/source/webshop/.brain/supabase-schema.md) +- [ADR Log](file:///c:/source/webshop/.brain/adr-log.md) diff --git a/.brain/supabase-schema.md b/.brain/supabase-schema.md new file mode 100644 index 0000000..639fd23 --- /dev/null +++ b/.brain/supabase-schema.md @@ -0,0 +1,48 @@ +# Supabase Schema + +## `companies` (Unternehmen) +- Repräsentiert die Partner-Unternehmen (Retailer). +- `id` (UUID, Primary Key) +- `name` (TEXT) +- `street`, `zip`, `city`, `email` (Adressdaten) + +## `users` (Systembenutzer) +- Erweitert die Authentifizierungsdaten aus `auth.users`. +- `id` (UUID, References `auth.users(id)`) +- `role` (TEXT, standardmäßig `'partner'`, oder `'admin'`) +- `company_id` (UUID, References `public.companies(id)`) + +## `profiles` (Benutzerprofile) +- Stammdaten der einzelnen Benutzer. +- `id` (UUID, References `auth.users(id)`) +- `first_name`, `last_name`, `email` etc. + +## `end_customers` (Endkunden) +- `id` (UUID, Primary Key) +- `partner_id` (UUID, References `public.companies(id)`) +- `company_name` (TEXT) +- `first_name`, `last_name`, `street`, `zip`, `city`, `email` +- `bank_iban`, `bank_bic`, `bank_name`, `bank_owner` +- `is_anonymized` (BOOLEAN) + +## `products` (Katalogprodukte) +- `id`, `name`, `base_price`, `tax_rate`, `billing_interval` (`one_time` / `monthly`). +- `requirements` (UUID[]) +- `exclusions` (UUID[]) + +## `product_modules` (Zusatzmodule) +- `id`, `product_id` (References `products`), `name`, `price`, `has_quantity` (BOOLEAN). +- `requirements` (UUID[]) +- `exclusions` (UUID[]) + +## `orders` (Bestellungen / Anfragen) +- `id` (UUID, Primary Key) +- `user_id` (UUID, References `auth.users(id)`) +- `order_number` (TEXT) +- `order_hash` (TEXT) +- `end_customer_id` (UUID, References `end_customers(id)`) +- `total_price` (DECIMAL) +- `customer_data` (JSONB) +- `order_data` (JSONB) +- `pdf_url` (TEXT) +- `status` (TEXT) diff --git a/shop/supabase/migrations/20260706220000_fix_critical_rls_policies.sql b/shop/supabase/migrations/20260706220000_fix_critical_rls_policies.sql index 215837a..e502fcc 100644 --- a/shop/supabase/migrations/20260706220000_fix_critical_rls_policies.sql +++ b/shop/supabase/migrations/20260706220000_fix_critical_rls_policies.sql @@ -73,18 +73,12 @@ CREATE POLICY "Admin write settings" ON public.settings FOR ALL -- ═══════════════════════════════════════════════════════════════════════════════ DROP POLICY IF EXISTS "Service role kann alles Unternehmen" ON public.companies; -DROP POLICY IF EXISTS "Service role kann alles Partner" ON public.partners; -- Admin-only write access for companies CREATE POLICY "Admin manage companies" ON public.companies FOR ALL USING ((SELECT role FROM public.users WHERE id = auth.uid()) = 'admin') WITH CHECK ((SELECT role FROM public.users WHERE id = auth.uid()) = 'admin'); --- Admin-only write access for partners -CREATE POLICY "Admin manage partners" ON public.partners FOR ALL - USING ((SELECT role FROM public.users WHERE id = auth.uid()) = 'admin') - WITH CHECK ((SELECT role FROM public.users WHERE id = auth.uid()) = 'admin'); - -- ═══════════════════════════════════════════════════════════════════════════════ -- 6. Orders: Add INSERT policy with company_id check -- ═══════════════════════════════════════════════════════════════════════════════