@nextblock-cms/db 0.2.27 → 0.2.28

package/supabase/migrations/20250619202000_add_is_active_to_languages.sql

@@ -1,5 +0,0 @@
--- Add is_active column to languages table
-ALTER TABLE public.languages
-ADD COLUMN is_active BOOLEAN NOT NULL DEFAULT true;
-
-COMMENT ON COLUMN public.languages.is_active IS 'Indicates if the language is currently active and available for use.';

package/supabase/migrations/20250620085700_fix_site_settings_write_rls.sql

@@ -1,27 +0,0 @@
--- Drop existing policies if they exist to avoid conflicts.
-DROP POLICY IF EXISTS "Allow ADMIN and WRITER to insert into site_settings" ON public.site_settings;
-DROP POLICY IF EXISTS "Allow ADMIN and WRITER to update site_settings" ON public.site_settings;
-DROP POLICY IF EXISTS "Allow ADMIN and WRITER to modify site_settings" ON public.site_settings;
-
--- This policy grants permission to insert into the site_settings table
--- to any authenticated user whose role in the profiles table is 'ADMIN' or 'WRITER'.
-CREATE POLICY "Allow ADMIN and WRITER to insert into site_settings"
-ON public.site_settings
-FOR INSERT
-TO authenticated
-WITH CHECK (
-  (SELECT role FROM public.profiles WHERE id = auth.uid()) IN ('ADMIN', 'WRITER')
-);
-
--- This policy grants permission to update the site_settings table
--- to any authenticated user whose role in the profiles table is 'ADMIN' or 'WRITER'.
-CREATE POLICY "Allow ADMIN and WRITER to update site_settings"
-ON public.site_settings
-FOR UPDATE
-TO authenticated
-USING (
-  (SELECT role FROM public.profiles WHERE id = auth.uid()) IN ('ADMIN', 'WRITER')
-)
-WITH CHECK (
-  (SELECT role FROM public.profiles WHERE id = auth.uid()) IN ('ADMIN', 'WRITER')
-);

package/supabase/migrations/20250620095500_fix_profiles_read_rls.sql

@@ -1,11 +0,0 @@
--- Drop the policy if it exists to ensure a clean state.
-DROP POLICY IF EXISTS "Allow user to read their own profile" ON public.profiles;
-
--- This policy allows an authenticated user to read their own row from the profiles table.
--- This is necessary for other RLS policies (like the one on site_settings) to be able
--- to look up the user's role during policy evaluation.
-CREATE POLICY "Allow user to read their own profile"
-ON public.profiles
-FOR SELECT
-TO authenticated
-USING (auth.uid() = id);

package/supabase/migrations/20250620100000_use_security_definer_for_rls.sql

@@ -1,39 +0,0 @@
--- Drop all previous policies on site_settings to ensure a clean slate.
-DROP POLICY IF EXISTS "Allow ADMIN and WRITER to insert into site_settings" ON public.site_settings;
-DROP POLICY IF EXISTS "Allow ADMIN and WRITER to update site_settings" ON public.site_settings;
-DROP POLICY IF EXISTS "Allow ADMIN and WRITER to modify site_settings" ON public.site_settings;
-
--- Create a trusted, elevated-privilege function to get the current user's role.
--- SECURITY DEFINER makes it run with the permissions of the function owner, bypassing nested RLS.
-CREATE OR REPLACE FUNCTION get_my_role()
-RETURNS TEXT AS $$
-DECLARE
-  user_role TEXT;
-BEGIN
-  SELECT role INTO user_role FROM public.profiles WHERE id = auth.uid();
-  RETURN user_role;
-END;
-$$ LANGUAGE plpgsql SECURITY DEFINER;
-
--- This policy grants permission to insert into the site_settings table
--- by using the trusted function to check the user's role.
-CREATE POLICY "Allow insert based on user role"
-ON public.site_settings
-FOR INSERT
-TO authenticated
-WITH CHECK (
-  get_my_role() IN ('ADMIN', 'WRITER')
-);
-
--- This policy grants permission to update the site_settings table
--- by using the trusted function to check the user's role.
-CREATE POLICY "Allow update based on user role"
-ON public.site_settings
-FOR UPDATE
-TO authenticated
-USING (
-  get_my_role() IN ('ADMIN', 'WRITER')
-)
-WITH CHECK (
-  get_my_role() IN ('ADMIN', 'WRITER')
-);

package/supabase/migrations/20250620130000_add_public_read_to_logos.sql

@@ -1,4 +0,0 @@
-CREATE POLICY "Allow public read access to logos"
-ON public.logos
-FOR SELECT
-USING (true);

package/supabase/migrations/20250708091700_create_translations_table.sql

@@ -1,55 +0,0 @@
--- Create the translations table
-CREATE TABLE translations (
-    key TEXT PRIMARY KEY,
-    translations JSONB NOT NULL,
-    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
-);
-
--- Add comments on the columns
-COMMENT ON COLUMN translations.key IS 'A unique, slugified identifier (e.g., "sign_in_button_text").';
-COMMENT ON COLUMN translations.translations IS 'Stores translations as key-value pairs (e.g., {"en": "Sign In", "fr": "s''inscrire"}).';
-
--- Enable Row Level Security
-ALTER TABLE translations ENABLE ROW LEVEL SECURITY;
-
--- RLS Policies
-CREATE POLICY "Allow all access to ADMIN"
-ON public.translations
-FOR ALL
-TO authenticated
-USING (
-  (auth.jwt() ->> 'user_role') = 'ADMIN'
-)
-WITH CHECK (
-  (auth.jwt() ->> 'user_role') = 'ADMIN'
-);
-
-CREATE POLICY "Allow read access to all authenticated users"
-ON public.translations
-FOR SELECT
-TO authenticated
-USING (true);
-
-CREATE POLICY "Allow read access to all anonymous users"
-ON public.translations
-FOR SELECT
-TO anon
-USING (true);
-
--- Trigger to update updated_at timestamp
-CREATE OR REPLACE FUNCTION public.set_current_timestamp_updated_at()
-RETURNS TRIGGER AS $$
-DECLARE
-  _new record;
-BEGIN
-  _new := NEW;
-  _new."updated_at" = NOW();
-  RETURN _new;
-END;
-$$ LANGUAGE plpgsql;
-
-CREATE TRIGGER set_updated_at
-BEFORE UPDATE ON public.translations
-FOR EACH ROW
-EXECUTE FUNCTION public.set_current_timestamp_updated_at();

package/supabase/migrations/20250708093403_seed_translations_table.sql

@@ -1,20 +0,0 @@
-INSERT INTO public.translations (key, translations) VALUES
-('sign_in', '{"en": "Sign in", "fr": "Connexion"}'),
-('sign_up', '{"en": "Sign up", "fr": "Inscription"}'),
-('sign_out', '{"en": "Sign out", "fr": "Déconnexion"}'),
-('dont_have_account', '{"en": "Don''t have an account?", "fr": "Pas encore de compte ?"}'),
-('email', '{"en": "Email", "fr": "Email"}'),
-('you_at_example_com', '{"en": "you@example.com", "fr": "vous@example.com"}'),
-('password', '{"en": "Password", "fr": "Mot de passe"}'),
-('forgot_password', '{"en": "Forgot Password?", "fr": "Mot de passe oublié ?"}'),
-('your_password', '{"en": "Your password", "fr": "Votre mot de passe"}'),
-('signing_in_pending', '{"en": "Signing In...", "fr": "Connexion en cours..."}'),
-('already_have_account', '{"en": "Already have an account?", "fr": "Déjà un compte ?"}'),
-('signing_up_pending', '{"en": "Signing up...", "fr": "Inscription en cours..."}'),
-('reset_password', '{"en": "Reset Password", "fr": "Réinitialiser le mot de passe"}');
-
--- Route prefix for the blog section
-INSERT INTO public.translations (key, translations) VALUES
-('blog_prefix', '{"en": "article", "fr": "article"}')
-ON CONFLICT (key) DO UPDATE
-SET translations = EXCLUDED.translations;

package/supabase/migrations/20250708110600_fix_translations_rls_policies.sql

@@ -1,11 +0,0 @@
--- Drop the existing restrictive policy for updates
-DROP POLICY IF EXISTS "Allow all access to ADMIN" ON public.translations;
-
--- Create a more permissive policy that allows authenticated users to update translations
--- This assumes that access to the CMS is already controlled at the application level
-CREATE POLICY "Allow authenticated users to manage translations"
-ON public.translations
-FOR ALL
-TO authenticated
-USING (true)
-WITH CHECK (true);

package/supabase/migrations/20250708112300_add_new_translations.sql

@@ -1,9 +0,0 @@
-INSERT INTO public.translations (key, translations) VALUES
-('edit_page', '{"en": "Edit Page", "fr": "Éditer la page"}'),
-('edit_post', '{"en": "Edit Post", "fr": "Éditer l''article"}'),
-('open_main_menu', '{"en": "Open main menu", "fr": "Ouvrir le menu principal"}'),
-('mobile_navigation_menu', '{"en": "Mobile navigation menu", "fr": "Menu de navigation mobile"}'),
-('cms_dashboard', '{"en": "CMS Dashboard", "fr": "Tableau de bord CMS"}'),
-('update_env_file_warning', '{"en": "Please update .env.local file with anon key and url", "fr": "Veuillez mettre à jour .env.local avec l''anon key et l''URL"}'),
-('greeting', '{"en": "Hey, {username}!", "fr": "Salut, {username} !"}')
-ON CONFLICT (key) DO NOTHING;

package/supabase/migrations/20250709120000_create_revisions_tables.sql

@@ -1,109 +0,0 @@
--- supabase/migrations/20250709120000_create_revisions_tables.sql
--- Hybrid revision history for pages and posts
-
-begin;
-
--- Create enum for revision type if not exists
-do $$
-begin
-  if not exists (select 1 from pg_type where typname = 'revision_type') then
-    create type public.revision_type as enum ('snapshot', 'diff');
-  end if;
-end
-$$;
-
--- Add version column to pages and posts if not exists
-do $$
-begin
-  if not exists (
-    select 1 from information_schema.columns
-    where table_schema = 'public' and table_name = 'pages' and column_name = 'version'
-  ) then
-    alter table public.pages add column version integer not null default 1;
-    comment on column public.pages.version is 'Monotonic version number for hybrid revisions.';
-  end if;
-end
-$$;
-
-do $$
-begin
-  if not exists (
-    select 1 from information_schema.columns
-    where table_schema = 'public' and table_name = 'posts' and column_name = 'version'
-  ) then
-    alter table public.posts add column version integer not null default 1;
-    comment on column public.posts.version is 'Monotonic version number for hybrid revisions.';
-  end if;
-end
-$$;
-
--- Create page_revisions table
-create table if not exists public.page_revisions (
-  id bigint generated by default as identity primary key,
-  page_id bigint not null references public.pages(id) on delete cascade,
-  author_id uuid references public.profiles(id) on delete set null,
-  version integer not null,
-  revision_type public.revision_type not null,
-  content jsonb not null,
-  created_at timestamp with time zone not null default now(),
-  constraint page_revisions_page_version_key unique (page_id, version)
-);
-
-comment on table public.page_revisions is 'Hybrid (snapshot/diff) revisions for pages.';
-comment on column public.page_revisions.content is 'If snapshot: full content; if diff: JSON Patch array.';
-
-create index if not exists idx_page_revisions_page_id on public.page_revisions(page_id);
-create index if not exists idx_page_revisions_page_id_version on public.page_revisions(page_id, version);
-
--- Create post_revisions table
-create table if not exists public.post_revisions (
-  id bigint generated by default as identity primary key,
-  post_id bigint not null references public.posts(id) on delete cascade,
-  author_id uuid references public.profiles(id) on delete set null,
-  version integer not null,
-  revision_type public.revision_type not null,
-  content jsonb not null,
-  created_at timestamp with time zone not null default now(),
-  constraint post_revisions_post_version_key unique (post_id, version)
-);
-
-comment on table public.post_revisions is 'Hybrid (snapshot/diff) revisions for posts.';
-comment on column public.post_revisions.content is 'If snapshot: full content; if diff: JSON Patch array.';
-
-create index if not exists idx_post_revisions_post_id on public.post_revisions(post_id);
-create index if not exists idx_post_revisions_post_id_version on public.post_revisions(post_id, version);
-
--- Enable RLS and add policies (admins and writers manage; authenticated can read)
-alter table public.page_revisions enable row level security;
-alter table public.post_revisions enable row level security;
-
--- Page revisions policies
-drop policy if exists "page_revisions_admin_writer_management" on public.page_revisions;
-create policy "page_revisions_admin_writer_management"
-on public.page_revisions for all
-to authenticated
-using (public.get_current_user_role() in ('ADMIN', 'WRITER'))
-with check (public.get_current_user_role() in ('ADMIN', 'WRITER'));
-
-drop policy if exists "page_revisions_authenticated_read" on public.page_revisions;
-create policy "page_revisions_authenticated_read"
-on public.page_revisions for select
-to authenticated
-using (true);
-
--- Post revisions policies
-drop policy if exists "post_revisions_admin_writer_management" on public.post_revisions;
-create policy "post_revisions_admin_writer_management"
-on public.post_revisions for all
-to authenticated
-using (public.get_current_user_role() in ('ADMIN', 'WRITER'))
-with check (public.get_current_user_role() in ('ADMIN', 'WRITER'));
-
-drop policy if exists "post_revisions_authenticated_read" on public.post_revisions;
-create policy "post_revisions_authenticated_read"
-on public.post_revisions for select
-to authenticated
-using (true);
-
-commit;
-

package/supabase/migrations/20251001113000_add_folder_to_media.sql

@@ -1,14 +0,0 @@
--- Add a folder column to organize media by path prefix
-ALTER TABLE public.media
-ADD COLUMN IF NOT EXISTS folder TEXT;
-
-COMMENT ON COLUMN public.media.folder IS 'Folder path prefix for the R2 object (e.g., images/summer/).';
-
--- Backfill existing rows by deriving folder from object_key (everything up to last slash)
-UPDATE public.media
-SET folder = NULLIF(regexp_replace(object_key, '[^/]*$', ''), '')
-WHERE folder IS NULL;
-
--- Index to speed up filtering by folder
-CREATE INDEX IF NOT EXISTS media_folder_idx ON public.media (folder);
-

package/supabase/migrations/20251112113736_fix_search_path_functions.sql

@@ -1,74 +0,0 @@
--- Ensure critical auth/public functions always use a safe search_path.
-BEGIN;
-
-CREATE OR REPLACE FUNCTION public.handle_languages_update()
-RETURNS TRIGGER
-LANGUAGE plpgsql
-SECURITY DEFINER
-SET search_path TO pg_temp, public
-AS $$
-BEGIN
-  NEW.updated_at = now();
-  RETURN NEW;
-END;
-$$;
-
-CREATE OR REPLACE FUNCTION public.get_my_claim(claim TEXT)
-RETURNS TEXT
-LANGUAGE plpgsql
-VOLATILE
-SET search_path TO pg_temp, public
-AS $$
-DECLARE
-    claims jsonb;
-    claim_value text;
-BEGIN
-    -- Safely get claims, defaulting to NULL if not present or invalid JSON
-    BEGIN
-        claims := current_setting('request.jwt.claims', true)::jsonb;
-    EXCEPTION
-        WHEN invalid_text_representation THEN
-            claims := NULL;
-    END;
-
-    -- If claims are NULL, return NULL
-    IF claims IS NULL THEN
-        RETURN NULL;
-    END IF;
-
-    -- Safely extract the claim value as text, removing quotes
-    claim_value := claims ->> claim;
-
-    RETURN claim_value;
-END;
-$$;
-
-CREATE OR REPLACE FUNCTION public.get_my_role()
-RETURNS TEXT
-LANGUAGE plpgsql
-SECURITY DEFINER
-SET search_path TO pg_temp, public
-AS $$
-DECLARE
-  user_role TEXT;
-BEGIN
-  SELECT role INTO user_role FROM public.profiles WHERE id = auth.uid();
-  RETURN user_role;
-END;
-$$;
-
-CREATE OR REPLACE FUNCTION public.set_current_timestamp_updated_at()
-RETURNS TRIGGER
-LANGUAGE plpgsql
-SET search_path TO pg_temp, public
-AS $$
-DECLARE
-  _new record;
-BEGIN
-  _new := NEW;
-  _new."updated_at" = now();
-  RETURN _new;
-END;
-$$;
-
-COMMIT;

package/supabase/migrations/20251112124444_fix_rls_performance.sql

@@ -1,63 +0,0 @@
-BEGIN;
-
--- Ensure profile read access uses a single policy and wraps auth.uid() safely.
-DROP POLICY IF EXISTS "Allow user to read their own profile" ON public.profiles;
-DROP POLICY IF EXISTS "authenticated_can_read_profiles" ON public.profiles;
-
-CREATE POLICY "authenticated_can_read_profiles" ON public.profiles
-FOR SELECT
-TO authenticated
-USING (
-  (id = (SELECT auth.uid())) OR
-  (public.get_current_user_role() = 'ADMIN')
-);
-COMMENT ON POLICY "authenticated_can_read_profiles" ON public.profiles IS 'Authenticated users can read their own profile; admins can read any profile.';
-
--- Harden storage.objects ownership checks.
-DROP POLICY IF EXISTS "allow_authenticated_uploads" ON storage.objects;
-DROP POLICY IF EXISTS "allow_authenticated_updates" ON storage.objects;
-DROP POLICY IF EXISTS "allow_authenticated_deletes" ON storage.objects;
-
-CREATE POLICY "allow_authenticated_uploads" ON storage.objects
-FOR INSERT TO authenticated
-WITH CHECK (bucket_id = 'public' AND owner = (SELECT auth.uid()));
-
-CREATE POLICY "allow_authenticated_updates" ON storage.objects
-FOR UPDATE TO authenticated
-USING (bucket_id = 'public' AND owner = (SELECT auth.uid()));
-
-CREATE POLICY "allow_authenticated_deletes" ON storage.objects
-FOR DELETE TO authenticated
-USING (bucket_id = 'public' AND owner = (SELECT auth.uid()));
-
--- Keep select policy as-is (bucket scoped) since it does not reference auth.uid().
-
--- Update site_settings policies to avoid initplan warnings.
-DROP POLICY IF EXISTS "Allow ADMIN and WRITER to insert into site_settings" ON public.site_settings;
-DROP POLICY IF EXISTS "Allow ADMIN and WRITER to update site_settings" ON public.site_settings;
-
-CREATE POLICY "Allow ADMIN and WRITER to insert into site_settings" ON public.site_settings
-FOR INSERT TO authenticated
-WITH CHECK (
-  EXISTS (
-    SELECT 1 FROM public.profiles
-    WHERE id = (SELECT auth.uid()) AND role IN ('ADMIN', 'WRITER')
-  )
-);
-
-CREATE POLICY "Allow ADMIN and WRITER to update site_settings" ON public.site_settings
-FOR UPDATE TO authenticated
-USING (
-  EXISTS (
-    SELECT 1 FROM public.profiles
-    WHERE id = (SELECT auth.uid()) AND role IN ('ADMIN', 'WRITER')
-  )
-)
-WITH CHECK (
-  EXISTS (
-    SELECT 1 FROM public.profiles
-    WHERE id = (SELECT auth.uid()) AND role IN ('ADMIN', 'WRITER')
-  )
-);
-
-COMMIT;

package/supabase/migrations/20251112125935_fix_combined_policies.sql

@@ -1,194 +0,0 @@
-BEGIN;
-
--- Consolidate logo read access into a single policy for the authenticated role.
-DROP POLICY IF EXISTS "Allow public read access to logos" ON public.logos;
-DROP POLICY IF EXISTS "Allow read access for authenticated users on logos" ON public.logos;
-
-CREATE POLICY "logos_authenticated_select_combined"
-ON public.logos
-FOR SELECT
-TO authenticated
-USING (true);
-
--- Page revisions: remove overlapping SELECT coverage and keep a single policy per action.
-DROP POLICY IF EXISTS page_revisions_admin_writer_management ON public.page_revisions;
-DROP POLICY IF EXISTS page_revisions_authenticated_read ON public.page_revisions;
-
-CREATE POLICY "page_revisions_authenticated_select_combined"
-ON public.page_revisions
-FOR SELECT
-TO authenticated
-USING (true);
-
-CREATE POLICY "page_revisions_admin_writer_insert"
-ON public.page_revisions
-FOR INSERT
-TO authenticated
-WITH CHECK (
-  EXISTS (
-    SELECT 1 FROM public.profiles
-    WHERE id = (SELECT auth.uid()) AND role IN ('ADMIN', 'WRITER')
-  )
-);
-
-CREATE POLICY "page_revisions_admin_writer_update"
-ON public.page_revisions
-FOR UPDATE
-TO authenticated
-USING (
-  EXISTS (
-    SELECT 1 FROM public.profiles
-    WHERE id = (SELECT auth.uid()) AND role IN ('ADMIN', 'WRITER')
-  )
-)
-WITH CHECK (
-  EXISTS (
-    SELECT 1 FROM public.profiles
-    WHERE id = (SELECT auth.uid()) AND role IN ('ADMIN', 'WRITER')
-  )
-);
-
-CREATE POLICY "page_revisions_admin_writer_delete"
-ON public.page_revisions
-FOR DELETE
-TO authenticated
-USING (
-  EXISTS (
-    SELECT 1 FROM public.profiles
-    WHERE id = (SELECT auth.uid()) AND role IN ('ADMIN', 'WRITER')
-  )
-);
-
--- Post revisions: same treatment as page revisions.
-DROP POLICY IF EXISTS post_revisions_admin_writer_management ON public.post_revisions;
-DROP POLICY IF EXISTS post_revisions_authenticated_read ON public.post_revisions;
-
-CREATE POLICY "post_revisions_authenticated_select_combined"
-ON public.post_revisions
-FOR SELECT
-TO authenticated
-USING (true);
-
-CREATE POLICY "post_revisions_admin_writer_insert"
-ON public.post_revisions
-FOR INSERT
-TO authenticated
-WITH CHECK (
-  EXISTS (
-    SELECT 1 FROM public.profiles
-    WHERE id = (SELECT auth.uid()) AND role IN ('ADMIN', 'WRITER')
-  )
-);
-
-CREATE POLICY "post_revisions_admin_writer_update"
-ON public.post_revisions
-FOR UPDATE
-TO authenticated
-USING (
-  EXISTS (
-    SELECT 1 FROM public.profiles
-    WHERE id = (SELECT auth.uid()) AND role IN ('ADMIN', 'WRITER')
-  )
-)
-WITH CHECK (
-  EXISTS (
-    SELECT 1 FROM public.profiles
-    WHERE id = (SELECT auth.uid()) AND role IN ('ADMIN', 'WRITER')
-  )
-);
-
-CREATE POLICY "post_revisions_admin_writer_delete"
-ON public.post_revisions
-FOR DELETE
-TO authenticated
-USING (
-  EXISTS (
-    SELECT 1 FROM public.profiles
-    WHERE id = (SELECT auth.uid()) AND role IN ('ADMIN', 'WRITER')
-  )
-);
-
--- Site settings: collapse overlapping policies per action.
-DROP POLICY IF EXISTS "Allow ADMIN and WRITER to insert into site_settings" ON public.site_settings;
-DROP POLICY IF EXISTS "Allow admins full access on site_settings" ON public.site_settings;
-DROP POLICY IF EXISTS "Allow insert based on user role" ON public.site_settings;
-DROP POLICY IF EXISTS "Allow authenticated users to read site_settings" ON public.site_settings;
-DROP POLICY IF EXISTS "Allow update based on user role" ON public.site_settings;
-DROP POLICY IF EXISTS "Allow ADMIN and WRITER to update site_settings" ON public.site_settings;
-DROP POLICY IF EXISTS "Allow ADMIN and WRITER to modify site_settings" ON public.site_settings;
-
-CREATE POLICY "site_settings_authenticated_insert_combined"
-ON public.site_settings
-FOR INSERT
-TO authenticated
-WITH CHECK (
-  EXISTS (
-    SELECT 1 FROM public.profiles
-    WHERE id = (SELECT auth.uid()) AND role IN ('ADMIN', 'WRITER')
-  )
-);
-
-CREATE POLICY "site_settings_authenticated_select_combined"
-ON public.site_settings
-FOR SELECT
-TO authenticated
-USING (true);
-
-CREATE POLICY "site_settings_authenticated_update_combined"
-ON public.site_settings
-FOR UPDATE
-TO authenticated
-USING (
-  EXISTS (
-    SELECT 1 FROM public.profiles
-    WHERE id = (SELECT auth.uid()) AND role IN ('ADMIN', 'WRITER')
-  )
-)
-WITH CHECK (
-  EXISTS (
-    SELECT 1 FROM public.profiles
-    WHERE id = (SELECT auth.uid()) AND role IN ('ADMIN', 'WRITER')
-  )
-);
-
-CREATE POLICY "site_settings_authenticated_delete_combined"
-ON public.site_settings
-FOR DELETE
-TO authenticated
-USING (
-  EXISTS (
-    SELECT 1 FROM public.profiles
-    WHERE id = (SELECT auth.uid()) AND role IN ('ADMIN', 'WRITER')
-  )
-);
-
--- Translations: split FOR ALL coverage into distinct policies.
-DROP POLICY IF EXISTS "Allow authenticated users to manage translations" ON public.translations;
-DROP POLICY IF EXISTS "Allow read access to all authenticated users" ON public.translations;
-
-CREATE POLICY "translations_authenticated_select_combined"
-ON public.translations
-FOR SELECT
-TO authenticated
-USING (true);
-
-CREATE POLICY "translations_authenticated_insert_combined"
-ON public.translations
-FOR INSERT
-TO authenticated
-WITH CHECK (true);
-
-CREATE POLICY "translations_authenticated_update_combined"
-ON public.translations
-FOR UPDATE
-TO authenticated
-USING (true)
-WITH CHECK (true);
-
-CREATE POLICY "translations_authenticated_delete_combined"
-ON public.translations
-FOR DELETE
-TO authenticated
-USING (true);
-
-COMMIT;

package/supabase/migrations/20251112132146_fix_foreign_key_indexes.sql

@@ -1,21 +0,0 @@
-BEGIN;
-
--- Add missing coverage for frequently joined foreign keys.
-CREATE INDEX IF NOT EXISTS idx_logos_media_id
-  ON public.logos (media_id);
-
-CREATE INDEX IF NOT EXISTS idx_page_revisions_author_id
-  ON public.page_revisions (author_id);
-
-CREATE INDEX IF NOT EXISTS idx_post_revisions_author_id
-  ON public.post_revisions (author_id);
-
--- Drop unused or redundant indexes called out by Supabase insights.
-DROP INDEX IF EXISTS idx_page_revisions_page_id_version;
-DROP INDEX IF EXISTS idx_post_revisions_post_id_version;
-DROP INDEX IF EXISTS idx_post_revisions_post_id;
-DROP INDEX IF EXISTS idx_pages_translation_group_id;
-DROP INDEX IF EXISTS idx_posts_translation_group_id;
-DROP INDEX IF EXISTS idx_navigation_items_menu_lang_order;
-
-COMMIT;

package/supabase/migrations/20251112132525_cleanup_unused_indexes.sql

@@ -1,10 +0,0 @@
-BEGIN;
-
--- Drop redundant or legacy indexes highlighted by Supabase Advisor.
-DROP INDEX IF EXISTS media_folder_idx;
-DROP INDEX IF EXISTS idx_blocks_language_id;
-DROP INDEX IF EXISTS idx_blocks_post_id;
-DROP INDEX IF EXISTS idx_navigation_items_language_id;
-DROP INDEX IF EXISTS idx_page_revisions_page_id;
-
-COMMIT;