New Proje

supabase/migrations/init_schema.sql

@@ -0,0 +1,140 @@
+-- 1. Create Tables
+
+-- Companies Table
+CREATE TABLE public.companies (
+    id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
+    name TEXT NOT NULL,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT timezone('utc'::text, now()) NOT NULL
+);
+
+-- Roles Table
+CREATE TABLE public.roles (
+    id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
+    name TEXT NOT NULL UNIQUE,
+    description TEXT,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT timezone('utc'::text, now()) NOT NULL
+);
+
+-- Profiles/Users Table (Extending auth.users)
+CREATE TABLE public.users (
+    id UUID REFERENCES auth.users(id) ON DELETE CASCADE PRIMARY KEY,
+    first_name TEXT,
+    last_name TEXT,
+    email TEXT UNIQUE NOT NULL,
+    phone TEXT,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT timezone('utc'::text, now()) NOT NULL,
+    updated_at TIMESTAMP WITH TIME ZONE DEFAULT timezone('utc'::text, now()) NOT NULL
+);
+
+-- Employees Table
+CREATE TABLE public.employees (
+    id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
+    user_id UUID REFERENCES public.users(id) ON DELETE CASCADE,
+    company_id UUID REFERENCES public.companies(id) ON DELETE CASCADE,
+    role_id UUID REFERENCES public.roles(id) ON DELETE RESTRICT,
+    department TEXT,
+    title TEXT,
+    hire_date DATE,
+    status TEXT DEFAULT 'active' CHECK (status IN ('active', 'inactive', 'terminated')),
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT timezone('utc'::text, now()) NOT NULL,
+    updated_at TIMESTAMP WITH TIME ZONE DEFAULT timezone('utc'::text, now()) NOT NULL,
+    UNIQUE(user_id, company_id) -- An employee can only be tied to a specific company once
+);
+
+-- Leave Requests Table
+CREATE TABLE public.leave_requests (
+    id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
+    employee_id UUID REFERENCES public.employees(id) ON DELETE CASCADE NOT NULL,
+    start_date DATE NOT NULL,
+    end_date DATE NOT NULL,
+    status TEXT DEFAULT 'pending' CHECK (status IN ('pending', 'approved', 'rejected', 'cancelled')),
+    reason TEXT,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT timezone('utc'::text, now()) NOT NULL,
+    updated_at TIMESTAMP WITH TIME ZONE DEFAULT timezone('utc'::text, now()) NOT NULL
+);
+
+-- 2. Enable Row Level Security (RLS)
+ALTER TABLE public.companies ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.roles ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.users ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.employees ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.leave_requests ENABLE ROW LEVEL SECURITY;
+
+-- 3. Create Basic RLS Policies
+-- Temporarily, we want authenticated users to be able to read/write.
+-- In a real production setup, we'd add complex logic verifying auth.uid() against roles.
+
+-- Companies Policies
+CREATE POLICY "Allow authenticated full access to companies"
+ON public.companies
+FOR ALL TO authenticated
+USING (true)
+WITH CHECK (true);
+
+-- Roles Policies
+CREATE POLICY "Allow authenticated read access to roles"
+ON public.roles
+FOR SELECT TO authenticated
+USING (true);
+
+-- Users Policies
+CREATE POLICY "Users can view all users"
+ON public.users
+FOR SELECT TO authenticated
+USING (true);
+
+CREATE POLICY "Users can insert their own profile"
+ON public.users
+FOR INSERT TO authenticated
+WITH CHECK (auth.uid() = id);
+
+CREATE POLICY "Users can update their own profile"
+ON public.users
+FOR UPDATE TO authenticated
+USING (auth.uid() = id);
+
+-- Employees Policies
+CREATE POLICY "Allow authenticated full access to employees"
+ON public.employees
+FOR ALL TO authenticated
+USING (true)
+WITH CHECK (true);
+
+-- Leave Requests Policies
+CREATE POLICY "Employees can manage their own leave requests"
+ON public.leave_requests
+FOR ALL TO authenticated
+USING (
+    employee_id IN (
+        SELECT id FROM public.employees WHERE user_id = auth.uid()
+    )
+)
+WITH CHECK (
+    employee_id IN (
+        SELECT id FROM public.employees WHERE user_id = auth.uid()
+    )
+);
+
+CREATE POLICY "Managers can view all leave requests"
+ON public.leave_requests
+FOR SELECT TO authenticated
+USING (true);
+
+-- 4. Initial Seed Data
+INSERT INTO public.roles (name, description) VALUES
+('admin', 'Sistem Yöneticisi (Tüm yetkiler)'),
+('manager', 'Yönetici (Çalışan ve izin onay/red yetkisi)'),
+('employee', 'Standart Çalışan');
+
+-- 5. Trigger for updated_at timestamps
+CREATE OR REPLACE FUNCTION update_updated_at_column()
+RETURNS TRIGGER AS $$
+BEGIN
+   NEW.updated_at = now(); 
+   RETURN NEW;
+END;
+$$ language 'plpgsql';
+
+CREATE TRIGGER update_users_modtime BEFORE UPDATE ON public.users FOR EACH ROW EXECUTE PROCEDURE update_updated_at_column();
+CREATE TRIGGER update_employees_modtime BEFORE UPDATE ON public.employees FOR EACH ROW EXECUTE PROCEDURE update_updated_at_column();
+CREATE TRIGGER update_leave_requests_modtime BEFORE UPDATE ON public.leave_requests FOR EACH ROW EXECUTE PROCEDURE update_updated_at_column();