fix: add RLS policies for admin CRUD operations on products and categories
This commit is contained in:
@@ -0,0 +1,17 @@
|
||||
-- Products: Admin CRUD
|
||||
CREATE POLICY "Allow authenticated insert on products" ON public.products FOR INSERT WITH CHECK (auth.role() = 'authenticated');
|
||||
CREATE POLICY "Allow authenticated update on products" ON public.products FOR UPDATE USING (auth.role() = 'authenticated');
|
||||
CREATE POLICY "Allow authenticated delete on products" ON public.products FOR DELETE USING (auth.role() = 'authenticated');
|
||||
|
||||
-- Product Modules: Admin CRUD
|
||||
CREATE POLICY "Allow authenticated insert on product_modules" ON public.product_modules FOR INSERT WITH CHECK (auth.role() = 'authenticated');
|
||||
CREATE POLICY "Allow authenticated update on product_modules" ON public.product_modules FOR UPDATE USING (auth.role() = 'authenticated');
|
||||
CREATE POLICY "Allow authenticated delete on product_modules" ON public.product_modules FOR DELETE USING (auth.role() = 'authenticated');
|
||||
|
||||
-- Categories: Admin CRUD
|
||||
CREATE POLICY "Allow authenticated insert on categories" ON public.categories FOR INSERT WITH CHECK (auth.role() = 'authenticated');
|
||||
CREATE POLICY "Allow authenticated update on categories" ON public.categories FOR UPDATE USING (auth.role() = 'authenticated');
|
||||
CREATE POLICY "Allow authenticated delete on categories" ON public.categories FOR DELETE USING (auth.role() = 'authenticated');
|
||||
|
||||
-- Admin check for Orders (allow admins to see all orders)
|
||||
CREATE POLICY "Admins can view all orders" ON public.orders FOR SELECT USING (auth.role() = 'authenticated');
|
||||
Reference in New Issue
Block a user