Personel Sayfası ve Uygulama renk değişiklikleri

2026-03-18 00:08:39 +03:00
parent eb7dee7705
commit b354412cb8
19 changed files with 836 additions and 349 deletions
--- a/supabase/migrations/20240317000001_user_sync_trigger.sql
+++ b/supabase/migrations/20240317000001_user_sync_trigger.sql
@@ -0,0 +1,19 @@
+-- Create a trigger function to handle new user registration
+CREATE OR REPLACE FUNCTION public.handle_new_user()
+RETURNS TRIGGER AS $$
+BEGIN
+  INSERT INTO public.users (id, email, first_name, last_name)
+  VALUES (
+    NEW.id,
+    NEW.email,
+    NEW.raw_user_meta_data->>'first_name',
+    NEW.raw_user_meta_data->>'last_name'
+  );
+  RETURN NEW;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- Trigger the function every time a user is created
+CREATE TRIGGER on_auth_user_created
+  AFTER INSERT ON auth.users
+  FOR EACH ROW EXECUTE PROCEDURE public.handle_new_user();
--- a/supabase/migrations/20240317000002_leave_balances.sql
+++ b/supabase/migrations/20240317000002_leave_balances.sql
@@ -0,0 +1,40 @@
+-- Create leave_balances table
+CREATE TABLE public.leave_balances (
+    id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
+    employee_id UUID REFERENCES public.employees(id) ON DELETE CASCADE UNIQUE NOT NULL,
+    total_days DECIMAL(5,2) DEFAULT 0 NOT NULL, -- Total accrued days
+    used_days DECIMAL(5,2) DEFAULT 0 NOT NULL,  -- Successfully used days
+    pending_days DECIMAL(5,2) DEFAULT 0 NOT NULL, -- Days currently in pending status
+    remaining_days DECIMAL(5,2) GENERATED ALWAYS AS (total_days - used_days) STORED,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT timezone('utc'::text, now()) NOT NULL,
+    updated_at TIMESTAMP WITH TIME ZONE DEFAULT timezone('utc'::text, now()) NOT NULL
+);
+
+-- RLS for leave_balances
+ALTER TABLE public.leave_balances ENABLE ROW LEVEL SECURITY;
+
+CREATE POLICY "Users can view their own leave balance"
+ON public.leave_balances
+FOR SELECT TO authenticated
+USING (
+    employee_id IN (
+        SELECT id FROM public.employees WHERE user_id = auth.uid()
+    )
+);
+
+-- Trigger to create a balance record when a new employee is added
+CREATE OR REPLACE FUNCTION public.handle_new_employee_balance()
+RETURNS TRIGGER AS $$
+BEGIN
+  INSERT INTO public.leave_balances (employee_id, total_days)
+  VALUES (NEW.id, 14); -- Defaulting to 14 days per year
+  RETURN NEW;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+CREATE TRIGGER on_employee_created
+  AFTER INSERT ON public.employees
+  FOR EACH ROW EXECUTE PROCEDURE public.handle_new_employee_balance();
+
+-- Trigger updated_at for leave_balances
+CREATE TRIGGER update_leave_balances_modtime BEFORE UPDATE ON public.leave_balances FOR EACH ROW EXECUTE PROCEDURE update_updated_at_column();
--- a/supabase/migrations/20240317000003_tighten_rls.sql
+++ b/supabase/migrations/20240317000003_tighten_rls.sql
@@ -0,0 +1,41 @@
+-- Drop loose policies
+DROP POLICY IF EXISTS "Allow authenticated full access to companies" ON public.companies;
+DROP POLICY IF EXISTS "Allow authenticated full access to employees" ON public.employees;
+
+-- Tighten Companies RLS (Only admins or users belonging to the company)
+CREATE POLICY "Users can view their own company"
+ON public.companies
+FOR SELECT TO authenticated
+USING (
+    id IN (
+        SELECT company_id FROM public.employees WHERE user_id = auth.uid()
+    )
+);
+
+CREATE POLICY "Personal employee record view"
+ON public.employees
+FOR SELECT TO authenticated
+USING (user_id = auth.uid());
+
+CREATE POLICY "Employees can view colleagues in their company"
+ON public.employees
+FOR SELECT TO authenticated
+USING (
+    company_id IN (
+        SELECT company_id FROM public.employees WHERE user_id = auth.uid()
+    )
+);
+
+CREATE POLICY "Managers can manage employees in their company"
+ON public.employees
+FOR ALL TO authenticated
+USING (
+    company_id IN (
+        SELECT company_id FROM public.employees WHERE user_id = auth.uid()
+    )
+)
+WITH CHECK (
+    company_id IN (
+        SELECT company_id FROM public.employees WHERE user_id = auth.uid()
+    )
+);
--- a/supabase/migrations/20240317000004_fix_rls_recursion.sql
+++ b/supabase/migrations/20240317000004_fix_rls_recursion.sql
@@ -0,0 +1,76 @@
+-- 1. Create SECURITY DEFINER functions to bypass RLS recursion
+-- We need these functions to check roles and membership without recursing into the same table's RLS policy.
+
+-- Function to check if a user is an admin
+CREATE OR REPLACE FUNCTION public.is_admin()
+RETURNS boolean AS $$
+BEGIN
+  RETURN EXISTS (
+    SELECT 1 FROM public.employees e
+    INNER JOIN public.roles r ON e.role_id = r.id
+    WHERE e.user_id = auth.uid() 
+    AND r.name = 'admin'
+  );
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- Function to get the current user's company IDs
+CREATE OR REPLACE FUNCTION public.get_my_companies()
+RETURNS SETOF uuid AS $$
+BEGIN
+  RETURN QUERY SELECT company_id FROM public.employees WHERE user_id = auth.uid();
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+-- 2. Clean up old recursive policies
+DROP POLICY IF EXISTS "Users can view their own company" ON public.companies;
+DROP POLICY IF EXISTS "Personal employee record view" ON public.employees;
+DROP POLICY IF EXISTS "Employees can view colleagues in their company" ON public.employees;
+DROP POLICY IF EXISTS "Managers can manage employees in their company" ON public.employees;
+
+-- 3. Create new non-recursive policies
+
+-- Companies: Users can see companies they belong to
+CREATE POLICY "View belonging companies"
+ON public.companies
+FOR SELECT TO authenticated
+USING (
+    id IN (SELECT public.get_my_companies())
+    OR public.is_admin()
+);
+
+-- Employees: Everyone can see their own record
+CREATE POLICY "View own employee record"
+ON public.employees
+FOR SELECT TO authenticated
+USING (user_id = auth.uid());
+
+-- Employees: Admins can see everyone in the companies they belong to
+CREATE POLICY "Admins can see coworkers"
+ON public.employees
+FOR SELECT TO authenticated
+USING (
+    company_id IN (SELECT public.get_my_companies())
+    AND public.is_admin()
+);
+
+-- Employees: Admins can manage coworkers
+CREATE POLICY "Admins can manage coworkers"
+ON public.employees
+FOR ALL TO authenticated
+USING (
+    company_id IN (SELECT public.get_my_companies())
+    AND public.is_admin()
+)
+WITH CHECK (
+    company_id IN (SELECT public.get_my_companies())
+    AND public.is_admin()
+);
+
+-- Users: Ensure everyone can see their own profile at least
+CREATE POLICY "Users can view own profile"
+ON public.users
+FOR SELECT TO authenticated
+USING (auth.uid() = id);
+
+-- If "Users can view all users" already exists, it's fine.