-- 1. Create Tables
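-- Companies Table
-- One row per company; public.employees points here through company_id.
CREATE TABLE public.companies (
    id         UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    name       TEXT NOT NULL,
    -- now() is already timestamptz. Wrapping it in timezone('utc', ...) yields a
    -- zone-less timestamp that is re-interpreted in the session TimeZone on
    -- assignment, which skews the stored instant on any non-UTC session.
    created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now()
);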
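-- Roles Table
-- Catalogue of role names; public.employees.role_id references it.
CREATE TABLE public.roles (
    id          UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    name        TEXT NOT NULL UNIQUE,
    description TEXT,
    -- now() is already timestamptz. Wrapping it in timezone('utc', ...) yields a
    -- zone-less timestamp that is re-interpreted in the session TimeZone on
    -- assignment, which skews the stored instant on any non-UTC session.
    created_at  TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now()
);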
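-- Profiles/Users Table (Extending auth.users)
-- One profile row per auth.users row; the primary key is the auth user id and
-- the profile is removed when the auth user is deleted (ON DELETE CASCADE).
CREATE TABLE public.users (
    id         UUID PRIMARY KEY REFERENCES auth.users(id) ON DELETE CASCADE,
    first_name TEXT,
    last_name  TEXT,
    -- NOTE(review): this is a separate copy of the address; nothing in this file
    -- keeps it equal to the e-mail held by auth.users. Treat it as profile data,
    -- not as a verified identity attribute, unless a sync mechanism exists elsewhere.
    email      TEXT UNIQUE NOT NULL,
    phone      TEXT,
    -- now() is already timestamptz. Wrapping it in timezone('utc', ...) yields a
    -- zone-less timestamp that is re-interpreted in the session TimeZone on
    -- assignment, which skews the stored instant on any non-UTC session.
    created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(),
    updated_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now()
);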
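-- Employees Table
-- Ties a profile (public.users) to a company and a role.
CREATE TABLE public.employees (
    id         UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    -- NOTE(review): user_id, company_id and role_id are nullable; confirm that is
    -- intended. A NULL in user_id or company_id also escapes the UNIQUE
    -- constraint at the bottom of this table.
    user_id    UUID REFERENCES public.users(id) ON DELETE CASCADE,
    company_id UUID REFERENCES public.companies(id) ON DELETE CASCADE,
    -- RESTRICT: a role cannot be deleted while an employee row still points at it.
    role_id    UUID REFERENCES public.roles(id) ON DELETE RESTRICT,
    department TEXT,
    title      TEXT,
    hire_date  DATE,
    -- NOT NULL is required for the allow-list to hold: a CHECK constraint passes
    -- when its expression evaluates to NULL, so an explicit NULL status would
    -- otherwise be stored.
    status     TEXT NOT NULL DEFAULT 'active'
               CHECK (status IN ('active', 'inactive', 'terminated')),
    -- now() is already timestamptz. Wrapping it in timezone('utc', ...) yields a
    -- zone-less timestamp that is re-interpreted in the session TimeZone on
    -- assignment, which skews the stored instant on any non-UTC session.
    created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(),
    updated_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(),
    UNIQUE (user_id, company_id) -- An employee can only be tied to a specific company once
);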
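-- Leave Requests Table
-- One row per leave request; rows disappear with their employee (ON DELETE CASCADE).
CREATE TABLE public.leave_requests (
    id          UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    employee_id UUID NOT NULL REFERENCES public.employees(id) ON DELETE CASCADE,
    start_date  DATE NOT NULL,
    end_date    DATE NOT NULL,
    -- NOT NULL is required for the allow-list to hold: a CHECK constraint passes
    -- when its expression evaluates to NULL, so an explicit NULL status would
    -- otherwise be stored.
    status      TEXT NOT NULL DEFAULT 'pending'
                CHECK (status IN ('pending', 'approved', 'rejected', 'cancelled')),
    reason      TEXT,
    -- now() is already timestamptz. Wrapping it in timezone('utc', ...) yields a
    -- zone-less timestamp that is re-interpreted in the session TimeZone on
    -- assignment, which skews the stored instant on any non-UTC session.
    created_at  TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(),
    updated_at  TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(),
    -- Reject inverted ranges at the database, whatever client wrote the row.
    CHECK (end_date >= start_date)
);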
-- 2. Enable Row Level Security (RLS)
-- Once RLS is enabled, a role that is subject to it can only perform the
-- commands some policy explicitly permits; everything else is denied.
-- ENABLE (as opposed to FORCE) leaves the table owner exempt, and roles with
-- the BYPASSRLS attribute skip policies as well.
ALTER TABLE public.companies
    ENABLE ROW LEVEL SECURITY;
ALTER TABLE public.roles
    ENABLE ROW LEVEL SECURITY;
ALTER TABLE public.users
    ENABLE ROW LEVEL SECURITY;
ALTER TABLE public.employees
    ENABLE ROW LEVEL SECURITY;
ALTER TABLE public.leave_requests
    ENABLE ROW LEVEL SECURITY;
-- 3. Create Basic RLS Policies
-- Temporarily, we want authenticated users to be able to read/write.
-- In a real production setup, we'd add complex logic verifying auth.uid() against roles.
-- Companies Policies
-- Grants every command (SELECT, INSERT, UPDATE, DELETE) on every company row
-- to any signed-in account; neither predicate looks at auth.uid().
-- NOTE(review): a company delete cascades into public.employees and, through
-- it, public.leave_requests (both declared ON DELETE CASCADE), so this policy
-- effectively lets any authenticated account remove a whole company's records.
-- Scope writes to a privileged role before this leaves the "temporary" stage.
CREATE POLICY "Allow authenticated full access to companies"
    ON public.companies
    FOR ALL
    TO authenticated
    USING (true)
    WITH CHECK (true);
-- Roles Policies
-- Read-only: any signed-in account may list roles. This file defines no
-- INSERT/UPDATE/DELETE policy on public.roles, so with RLS enabled those
-- commands stay denied for the authenticated role.
CREATE POLICY "Allow authenticated read access to roles"
    ON public.roles
    FOR SELECT
    TO authenticated
    USING (true);
-- Users Policies
-- Any signed-in account may read every profile row, all columns included.
-- NOTE(review): that exposes each user's email and phone to every other
-- authenticated account, across companies. If a directory view is needed,
-- consider limiting it to colleagues of the same company or exposing only
-- non-contact columns through a view.
CREATE POLICY "Users can view all users"
    ON public.users
    FOR SELECT
    TO authenticated
    USING (true);
-- A signed-in account may create only the profile row whose id equals its own
-- auth.uid().
-- NOTE(review): the check covers the id column only; the other columns,
-- including the UNIQUE email, are whatever the client supplies.
CREATE POLICY "Users can insert their own profile"
    ON public.users
    FOR INSERT
    TO authenticated
    WITH CHECK (auth.uid() = id);
-- A signed-in account may update only its own profile row.
-- WITH CHECK is spelled out for readability: when an UPDATE policy gives only
-- USING, PostgreSQL applies that same expression to the new row, so the
-- effective rule is unchanged (the row cannot be re-keyed to another id).
-- NOTE(review): the owner can rewrite every column of the row, email included.
-- This file defines no DELETE policy on public.users, so deletes stay denied.
CREATE POLICY "Users can update their own profile"
    ON public.users
    FOR UPDATE
    TO authenticated
    USING (auth.uid() = id)
    WITH CHECK (auth.uid() = id);
-- Employees Policies
-- Grants every command on every employee row to any signed-in account;
-- neither predicate looks at auth.uid().
-- NOTE(review): this includes writing user_id, company_id and role_id on any
-- row, so role assignment is not protected at the database layer. The
-- "own leave requests" policy on public.leave_requests decides ownership from
-- employees.user_id, which makes that policy only as strong as this one.
-- Restrict INSERT/UPDATE/DELETE here before relying on either.
CREATE POLICY "Allow authenticated full access to employees"
    ON public.employees
    FOR ALL
    TO authenticated
    USING (true)
    WITH CHECK (true);
-- Leave Requests Policies
-- A signed-in account gets every command on leave requests whose employee_id
-- belongs to an employee row carrying its own auth.uid(). The same test is
-- applied to existing rows (USING) and to new or changed rows (WITH CHECK).
-- NOTE(review): FOR ALL covers UPDATE of every column, status included, so the
-- requester can set its own request to 'approved'. If approval is meant to be a
-- manager action, split this into per-command policies and constrain status.
-- NOTE(review): the subquery reads public.employees under that table's own
-- policy, which currently lets any authenticated account write user_id.
CREATE POLICY "Employees can manage their own leave requests"
    ON public.leave_requests
    FOR ALL
    TO authenticated
    USING (
        employee_id IN (
            SELECT id
            FROM public.employees
            WHERE user_id = auth.uid()
        )
    )
    WITH CHECK (
        employee_id IN (
            SELECT id
            FROM public.employees
            WHERE user_id = auth.uid()
        )
    );
-- Any signed-in account may read every leave request, reason text included.
-- NOTE(review): despite the policy name, the predicate does not test for a
-- manager role; it is true for every authenticated account. Permissive
-- policies are OR-ed together, so this also widens the SELECT side of the
-- "own leave requests" policy to all rows.
CREATE POLICY "Managers can view all leave requests"
    ON public.leave_requests
    FOR SELECT
    TO authenticated
    USING (true);
-- 4. Initial Seed Data
-- Seeds the three role names. The descriptions are Turkish display text:
--   admin    -> "System Administrator (all permissions)"
--   manager  -> "Manager (authority over employees and leave approval/rejection)"
--   employee -> "Standard Employee"
-- NOTE(review): no policy in this file consults role names, so these
-- descriptions state intent; they are not enforced permissions.
INSERT INTO public.roles
    (name, description)
VALUES
    ('admin', 'Sistem Yöneticisi (Tüm yetkiler)'),
    ('manager', 'Yönetici (Çalışan ve izin onay/red yetkisi)'),
    ('employee', 'Standart Çalışan');
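-- 5. Trigger for updated_at timestamps
-- Row-level trigger function used by the *_modtime BEFORE UPDATE triggers:
-- overwrites NEW.updated_at with now() (the transaction start time) and returns
-- the modified row, so whatever value the client sent for updated_at is replaced.
--
-- search_path is pinned to empty so name lookup inside the body does not depend
-- on the search_path of whoever fires the trigger; now() still resolves because
-- pg_catalog is always searched implicitly.
-- NOTE(review): the function name is not schema-qualified, so it is created in
-- the first schema of the current search_path (presumably public; confirm).
CREATE OR REPLACE FUNCTION update_updated_at_column()
RETURNS TRIGGER
LANGUAGE plpgsql
SET search_path = ''
AS $$
BEGIN
    NEW.updated_at := now();
    RETURN NEW;
END;
$$;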
-- Attach update_updated_at_column() to every table that has an updated_at
-- column. Each trigger fires once per row before an UPDATE is applied.
-- public.companies and public.roles have no updated_at column and get no trigger.
CREATE TRIGGER update_users_modtime
    BEFORE UPDATE ON public.users
    FOR EACH ROW
    EXECUTE PROCEDURE update_updated_at_column();

CREATE TRIGGER update_employees_modtime
    BEFORE UPDATE ON public.employees
    FOR EACH ROW
    EXECUTE PROCEDURE update_updated_at_column();

CREATE TRIGGER update_leave_requests_modtime
    BEFORE UPDATE ON public.leave_requests
    FOR EACH ROW
    EXECUTE PROCEDURE update_updated_at_column();