fix: add RLS policies for admin CRUD operations on products and categories

This commit is contained in:
DanielS
2026-05-01 01:01:53 +02:00
parent dea24deccc
commit d58ed59de4

View File

@@ -0,0 +1,17 @@
-- Products: Admin CRUD
CREATE POLICY "Allow authenticated insert on products" ON public.products FOR INSERT WITH CHECK (auth.role() = 'authenticated');
CREATE POLICY "Allow authenticated update on products" ON public.products FOR UPDATE USING (auth.role() = 'authenticated');
CREATE POLICY "Allow authenticated delete on products" ON public.products FOR DELETE USING (auth.role() = 'authenticated');
-- Product Modules: Admin CRUD
CREATE POLICY "Allow authenticated insert on product_modules" ON public.product_modules FOR INSERT WITH CHECK (auth.role() = 'authenticated');
CREATE POLICY "Allow authenticated update on product_modules" ON public.product_modules FOR UPDATE USING (auth.role() = 'authenticated');
CREATE POLICY "Allow authenticated delete on product_modules" ON public.product_modules FOR DELETE USING (auth.role() = 'authenticated');
-- Categories: Admin CRUD
CREATE POLICY "Allow authenticated insert on categories" ON public.categories FOR INSERT WITH CHECK (auth.role() = 'authenticated');
CREATE POLICY "Allow authenticated update on categories" ON public.categories FOR UPDATE USING (auth.role() = 'authenticated');
CREATE POLICY "Allow authenticated delete on categories" ON public.categories FOR DELETE USING (auth.role() = 'authenticated');
-- Admin check for Orders (allow admins to see all orders)
CREATE POLICY "Admins can view all orders" ON public.orders FOR SELECT USING (auth.role() = 'authenticated');