48 lines
No EOL
1.6 KiB
SQL
48 lines
No EOL
1.6 KiB
SQL
-- Correction finale des politiques RLS pour les logs d'email
|
|
-- À exécuter dans l'éditeur SQL de Supabase
|
|
|
|
-- Supprimer toutes les politiques existantes
|
|
DROP POLICY IF EXISTS "Staff can view all email logs" ON email_logs;
|
|
DROP POLICY IF EXISTS "Users can view their own email logs" ON email_logs;
|
|
DROP POLICY IF EXISTS "Authenticated users can view email logs" ON email_logs;
|
|
DROP POLICY IF EXISTS "System can insert email logs" ON email_logs;
|
|
DROP POLICY IF EXISTS "System can update email logs" ON email_logs;
|
|
|
|
-- Politique corrigée pour les utilisateurs staff
|
|
CREATE POLICY "Staff can view all email logs" ON email_logs
|
|
FOR SELECT
|
|
TO authenticated
|
|
USING (
|
|
EXISTS (
|
|
SELECT 1 FROM staff_users
|
|
WHERE staff_users.user_id = auth.uid()
|
|
AND staff_users.is_staff = true
|
|
)
|
|
);
|
|
|
|
-- Politique pour les utilisateurs normaux (leurs propres emails seulement)
|
|
CREATE POLICY "Users can view their own email logs" ON email_logs
|
|
FOR SELECT
|
|
TO authenticated
|
|
USING (
|
|
sender_user_id = auth.uid()
|
|
);
|
|
|
|
-- Politique d'insertion pour le système (service role)
|
|
CREATE POLICY "System can insert email logs" ON email_logs
|
|
FOR INSERT
|
|
WITH CHECK (true);
|
|
|
|
-- Politique de mise à jour pour le système (service role)
|
|
CREATE POLICY "System can update email logs" ON email_logs
|
|
FOR UPDATE
|
|
USING (true)
|
|
WITH CHECK (true);
|
|
|
|
-- Test pour vérifier que la politique fonctionne
|
|
-- Cette requête devrait retourner TRUE si vous êtes staff
|
|
SELECT EXISTS (
|
|
SELECT 1 FROM staff_users
|
|
WHERE staff_users.user_id = auth.uid()
|
|
AND staff_users.is_staff = true
|
|
) as is_current_user_staff; |