-- Drop the permissive policies that granted any authenticated user full access
-- Judging by its name, this policy let every signed-in user read and write
-- every companies row. Remove it so the scoped SELECT policy defined later in
-- this file is the only access path (permissive policies are ORed, so leaving
-- it in place would make the tighter policy meaningless).
DROP POLICY IF EXISTS "Allow authenticated full access to companies" ON public.companies;
-- Same for employees: a blanket "full access to authenticated" policy would
-- OR with, and therefore defeat, every per-company policy created below.
DROP POLICY IF EXISTS "Allow authenticated full access to employees" ON public.employees;
-- Tighten companies RLS: authenticated users may only read a company that an employees row links them to (no admin bypass is defined in this file)
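-- Authenticated users can read a companies row only if an employees row with
-- their auth.uid() points at it. Nothing here grants admins wider access.
--
-- NOTE(review): the membership lookup reads public.employees under that
-- table's own RLS. If any employees policy in turn queries employees,
-- Postgres aborts with "infinite recursion detected in policy for relation
-- employees" and this SELECT fails as well; the lookup then has to go through
-- a SECURITY DEFINER helper rather than an inline subquery.
-- Assumes ROW LEVEL SECURITY is already enabled on public.companies (not
-- shown in this file) -- confirm, otherwise the policy is never consulted.
--
-- Dropped first so the migration can be re-run; CREATE POLICY has no
-- IF NOT EXISTS form.
DROP POLICY IF EXISTS "Users can view their own company" ON public.companies;
CREATE POLICY "Users can view their own company"
ON public.companies
FOR SELECT TO authenticated
USING (
    EXISTS (
        SELECT 1
        FROM public.employees AS e
        WHERE e.user_id = auth.uid()
          -- qualified on purpose: an unqualified `id` inside the subquery
          -- would bind to employees.id if that column exists
          AND e.company_id = companies.id
    )
);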
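-- Membership lookup shared by the employees policies below.
--
-- A policy on public.employees must not SELECT from public.employees inline:
-- the inner query is evaluated under the same policies, and Postgres aborts
-- with "infinite recursion detected in policy for relation employees", which
-- makes every read of the table fail for authenticated users. The lookup is
-- therefore wrapped in a SECURITY DEFINER function, which runs as the
-- function owner (the migration role -- it must own public.employees or hold
-- BYPASSRLS for this to work; confirm) and so is not subject to these
-- policies. search_path is emptied so the privileged body can only resolve
-- the schema-qualified names written here.
-- The parameter type is taken from the column (%TYPE), so this file does not
-- have to know whether company_id is uuid, bigint, etc.
CREATE OR REPLACE FUNCTION public.is_member_of_company(
    target_company public.employees.company_id%TYPE
)
RETURNS boolean
LANGUAGE sql
STABLE
SECURITY DEFINER
SET search_path = ''
AS $$
    SELECT EXISTS (
        SELECT 1
        FROM public.employees AS e
        WHERE e.user_id = auth.uid()
          AND e.company_id = target_company
    );
$$;

-- Functions are executable by PUBLIC by default; a SECURITY DEFINER helper
-- should be reachable only by the role whose policies evaluate it.
REVOKE EXECUTE ON FUNCTION public.is_member_of_company FROM PUBLIC;
GRANT EXECUTE ON FUNCTION public.is_member_of_company TO authenticated;

-- Assumes ROW LEVEL SECURITY is already enabled on public.employees (not
-- shown in this file) -- confirm. Each policy is dropped first so the
-- migration can be re-run.

-- Every authenticated user can read their own employee row.
DROP POLICY IF EXISTS "Personal employee record view" ON public.employees;
CREATE POLICY "Personal employee record view"
ON public.employees
FOR SELECT TO authenticated
USING (user_id = auth.uid());

-- ...and the rows of everyone in a company they belong to.
DROP POLICY IF EXISTS "Employees can view colleagues in their company" ON public.employees;
CREATE POLICY "Employees can view colleagues in their company"
ON public.employees
FOR SELECT TO authenticated
USING (public.is_member_of_company(company_id));

-- NOTE(review): despite its name, this policy carries no role predicate. Its
-- only condition, in both USING and WITH CHECK, is that the row belongs to a
-- company the caller is a member of. Under it every employee -- not only
-- managers -- can INSERT, UPDATE and DELETE any employee row of their own
-- company, including colleagues' user_id values and the very rows their own
-- membership is derived from. No role/manager column is visible in this
-- file, so none is asserted here; AND a manager check into both clauses once
-- that column is confirmed, or treat this as "any employee can manage the
-- company". FOR ALL also covers SELECT, which the two policies above already
-- grant; only the write side adds anything.
DROP POLICY IF EXISTS "Managers can manage employees in their company" ON public.employees;
CREATE POLICY "Managers can manage employees in their company"
ON public.employees
FOR ALL TO authenticated
USING (public.is_member_of_company(company_id))
WITH CHECK (public.is_member_of_company(company_id));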