-- Slider entries. IF NOT EXISTS makes this statement safe to re-run: an
-- existing sliders table is left untouched (and is not altered to match).
create table if not exists sliders (
    id          uuid primary key default gen_random_uuid(),
    title       text not null,
    description text,
    -- NOTE(review): image_url and link carry no CHECK on scheme or host;
    -- presumably they are rendered by a front end, so validate there -- confirm.
    image_url   text not null,
    link        text,
    -- Quoted because ORDER is a reserved word; every query must quote it too.
    "order"     integer default 0,
    -- Nullable: defaults to true, but an explicit NULL is accepted.
    is_active   boolean default true,
    -- Stamped with the current time expressed in UTC.
    created_at  timestamp with time zone not null default timezone('utc'::text, now())
);
-- Turn on row level security for sliders. Once enabled, roles other than the
-- table owner (and roles that bypass RLS) can only touch rows that a policy
-- on this table allows; with no matching policy the default is deny.
alter table sliders
    enable row level security;
-- Policies for the sliders table.
-- Read policy: no TO clause, so it applies to every role, and USING (true)
-- matches every row -- including rows where is_active is false.
-- NOTE(review): if inactive sliders are meant to be hidden from anonymous
-- visitors, nothing here enforces that -- confirm this exposure is intended.
-- CREATE POLICY has no IF NOT EXISTS form, so re-running this statement fails
-- once the policy exists.
create policy "Public sliders are viewable by everyone."
    on sliders
    for select
    using (true);
-- Insert policy for sliders: a new row is accepted only when the caller's
-- auth.uid() matches a profiles row whose role is 'admin'.
-- NOTE(review): this check is only as strong as the write protection on
-- profiles.role. The policies on profiles are not part of this file --
-- confirm that users cannot set or change their own role.
-- The subquery runs as the calling user, so any RLS on profiles applies to it.
create policy "Admins can insert sliders."
    on sliders
    for insert
    with check (
        exists (
            select 1
            from profiles as p
            where p.id = auth.uid()
              and p.role = 'admin'
        )
    );
-- Update policy for sliders: rows are updatable only when the caller's
-- auth.uid() matches a profiles row whose role is 'admin'.
-- No WITH CHECK is given, so PostgreSQL applies the USING expression to the
-- updated row as well.
-- NOTE(review): relies on profiles.role being writable only by trusted
-- paths; the profiles policies are not in this file -- confirm.
create policy "Admins can update sliders."
    on sliders
    for update
    using (
        exists (
            select 1
            from profiles as p
            where p.id = auth.uid()
              and p.role = 'admin'
        )
    );
-- Delete policy for sliders: rows are deletable only when the caller's
-- auth.uid() matches a profiles row whose role is 'admin'.
-- NOTE(review): relies on profiles.role being writable only by trusted
-- paths; the profiles policies are not in this file -- confirm.
create policy "Admins can delete sliders."
    on sliders
    for delete
    using (
        exists (
            select 1
            from profiles as p
            where p.id = auth.uid()
              and p.role = 'admin'
        )
    );
-- STORAGE POLICIES (assuming the bucket 'images' exists)
-- If the 'images' bucket does not exist yet, create it manually in the Supabase Dashboard.
-- Inserting it via SQL may work if extensions allow, but the dashboard is usually the safer way to create buckets.
-- The policies below assume the bucket is named 'images' and is set to PUBLIC.
-- 1. Read policy on storage.objects, limited to rows whose bucket_id is
-- 'images'. No TO clause, so it applies to every role, anonymous included.
-- NOTE(review): presumably a PUBLIC bucket already serves files by URL
-- without this policy, and a SELECT policy this broad would also let any
-- caller list the bucket's objects through the API -- confirm listing is
-- intended.
-- NOTE(review): policy names are unique per table and storage.objects is
-- shared by all buckets, so a generic name like this may collide with an
-- existing policy -- confirm.
create policy "Public Access"
    on storage.objects
    for select
    using (bucket_id = 'images');
-- 2. Upload policy on storage.objects: a new object is accepted only when it
-- targets the 'images' bucket and the caller's auth.uid() matches a profiles
-- row whose role is 'admin'. Nothing here restricts object name, size or
-- content type.
-- NOTE(review): relies on profiles.role being writable only by trusted
-- paths; the profiles policies are not in this file -- confirm.
create policy "Admin Upload"
    on storage.objects
    for insert
    with check (
        bucket_id = 'images'
        and exists (
            select 1
            from profiles as p
            where p.id = auth.uid()
              and p.role = 'admin'
        )
    );
-- 3. Update policy on storage.objects for the 'images' bucket. Despite its
-- name, this policy covers UPDATE only; deletes are governed by the separate
-- "Admin Delete" policy in this file.
-- There is no owner check: any caller whose profiles row has role 'admin'
-- may update any object in the bucket, not only objects they uploaded.
-- No WITH CHECK is given, so PostgreSQL applies the USING expression to the
-- updated row as well.
-- NOTE(review): relies on profiles.role being writable only by trusted
-- paths; the profiles policies are not in this file -- confirm.
create policy "Admin Update Delete"
    on storage.objects
    for update
    using (
        bucket_id = 'images'
        and exists (
            select 1
            from profiles as p
            where p.id = auth.uid()
              and p.role = 'admin'
        )
    );
-- Delete policy on storage.objects for the 'images' bucket: an object is
-- deletable only when the caller's auth.uid() matches a profiles row whose
-- role is 'admin'. There is no owner check, so any admin may delete any
-- object in the bucket.
-- NOTE(review): relies on profiles.role being writable only by trusted
-- paths; the profiles policies are not in this file -- confirm.
create policy "Admin Delete"
    on storage.objects
    for delete
    using (
        bucket_id = 'images'
        and exists (
            select 1
            from profiles as p
            where p.id = auth.uid()
              and p.role = 'admin'
        )
    );