sms entegrasyonu ve ana sayfa işlemleri

2026-01-26 00:19:09 +03:00
parent 1e1baa84ff
commit 5c34df0f09
19 changed files with 1018 additions and 17 deletions
--- a/security_updates.sql
+++ b/security_updates.sql
@@ -0,0 +1,94 @@
+-- SECURITY UPDATES
+-- This script strengthens the RLS policies by enforcing 'admin' role checks
+-- instead of just checking if the user is authenticated.
+
+-- 1. PRODUCTS TABLE
+-- Drop existing loose policies
+DROP POLICY IF EXISTS "Authenticated users can insert products." ON products;
+DROP POLICY IF EXISTS "Authenticated users can update products." ON products;
+DROP POLICY IF EXISTS "Authenticated users can delete products." ON products;
+
+-- Create strict admin policies
+CREATE POLICY "Admins can insert products"
+  ON products FOR INSERT
+  WITH CHECK (
+    exists (
+      select 1 from profiles
+      where profiles.id = auth.uid() and profiles.role = 'admin'
+    )
+  );
+
+CREATE POLICY "Admins can update products"
+  ON products FOR UPDATE
+  USING (
+    exists (
+      select 1 from profiles
+      where profiles.id = auth.uid() and profiles.role = 'admin'
+    )
+  );
+
+CREATE POLICY "Admins can delete products"
+  ON products FOR DELETE
+  USING (
+    exists (
+      select 1 from profiles
+      where profiles.id = auth.uid() and profiles.role = 'admin'
+    )
+  );
+
+
+-- 2. CUSTOMERS TABLE
+-- Drop existing loose policies (if they match the previous loose pattern)
+DROP POLICY IF EXISTS "Admins can insert customers" ON customers;
+DROP POLICY IF EXISTS "Admins can update customers" ON customers;
+DROP POLICY IF EXISTS "Admins can delete customers" ON customers;
+
+-- Re-create strict policies (just to be sure, ensuring the subquery check is present)
+CREATE POLICY "Strict Admin Insert Customers"
+  ON customers FOR INSERT
+  WITH CHECK (
+    exists (
+      select 1 from profiles
+      where profiles.id = auth.uid() and profiles.role = 'admin'
+    )
+  );
+
+CREATE POLICY "Strict Admin Update Customers"
+  ON customers FOR UPDATE
+  USING (
+    exists (
+      select 1 from profiles
+      where profiles.id = auth.uid() and profiles.role = 'admin'
+    )
+  );
+
+CREATE POLICY "Strict Admin Delete Customers"
+  ON customers FOR DELETE
+  USING (
+    exists (
+      select 1 from profiles
+      where profiles.id = auth.uid() and profiles.role = 'admin'
+    )
+  );
+
+-- 3. SITE CONTENTS TABLE
+DROP POLICY IF EXISTS "Admin update access" ON site_contents;
+DROP POLICY IF EXISTS "Admin insert access" ON site_contents;
+
+CREATE POLICY "Strict Admin Update Site Contents"
+  ON site_contents FOR UPDATE
+  USING (
+    exists (
+      select 1 from profiles
+      where profiles.id = auth.uid() and profiles.role = 'admin'
+    )
+  );
+
+CREATE POLICY "Strict Admin Insert Site Contents"
+  ON site_contents FOR INSERT
+  WITH CHECK (
+    exists (
+      select 1 from profiles
+      where profiles.id = auth.uid() and profiles.role = 'admin'
+    )
+  );