@nextblock-cms/db 0.2.27 → 0.2.29

package/supabase/migrations/20250515194800_add_translation_group_id.sql

@@ -1,39 +0,0 @@
--- supabase/migrations/YYYYMMDDHHMMSS_add_translation_group_id.sql
-
-ALTER TABLE public.pages
-ADD COLUMN translation_group_id UUID DEFAULT gen_random_uuid() NOT NULL;
-
-COMMENT ON COLUMN public.pages.translation_group_id IS 'Groups different language versions of the same conceptual page.';
-
-CREATE INDEX IF NOT EXISTS idx_pages_translation_group_id ON public.pages(translation_group_id);
-
--- For existing pages, you'll need to manually group them.
--- Example: If page ID 1 (EN) and page ID 10 (FR) are the same conceptual page:
--- UPDATE public.pages SET translation_group_id = (SELECT translation_group_id FROM public.pages WHERE id = 1) WHERE id = 10;
--- Or, for all pages that share a slug currently (from the previous model):
--- WITH slug_groups AS (
---   SELECT slug, MIN(id) as first_id, gen_random_uuid() as new_group_id
---   FROM public.pages
---   GROUP BY slug
---   HAVING COUNT(*) > 1 -- Only for slugs that were shared
--- )
--- UPDATE public.pages p
--- SET translation_group_id = sg.new_group_id
--- FROM slug_groups sg
--- WHERE p.slug = sg.slug;
---
--- UPDATE public.pages p
--- SET translation_group_id = gen_random_uuid()
--- WHERE p.translation_group_id IS NULL AND EXISTS (
---   SELECT 1 FROM (
---     SELECT slug, COUNT(*) as c FROM public.pages GROUP BY slug
---   ) counts WHERE counts.slug = p.slug AND counts.c = 1
--- );
-
-
-ALTER TABLE public.posts
-ADD COLUMN translation_group_id UUID DEFAULT gen_random_uuid() NOT NULL;
-
-COMMENT ON COLUMN public.posts.translation_group_id IS 'Groups different language versions of the same conceptual post.';
-
-CREATE INDEX IF NOT EXISTS idx_posts_translation_group_id ON public.posts(translation_group_id);

package/supabase/migrations/20250520171900_add_translation_group_to_nav_items.sql

@@ -1,21 +0,0 @@
--- supabase/migrations/YYYYMMDDHHMMSS_add_translation_group_to_nav_items.sql
--- Replace YYYYMMDDHHMMSS with the actual timestamp, e.g., 20250520171700
-
-ALTER TABLE public.navigation_items
-ADD COLUMN translation_group_id UUID DEFAULT gen_random_uuid() NOT NULL;
-
-COMMENT ON COLUMN public.navigation_items.translation_group_id IS 'Groups different language versions of the same conceptual navigation item.';
-
-CREATE INDEX IF NOT EXISTS idx_navigation_items_translation_group_id ON public.navigation_items(translation_group_id);
-
--- Note: For existing navigation items, you will need to manually group them if they are translations of each other.
--- For example, if item ID 5 (EN) and item ID 25 (FR) are the same conceptual link:
--- UPDATE public.navigation_items SET translation_group_id = (SELECT translation_group_id FROM public.navigation_items WHERE id = 5 LIMIT 1) WHERE id = 25;
--- Or, assign a new group ID to both if they weren't grouped yet:
--- WITH new_group AS (SELECT gen_random_uuid() as new_id)
--- UPDATE public.navigation_items
--- SET translation_group_id = (SELECT new_id FROM new_group)
--- WHERE id IN (5, 25);
---
--- It's recommended to do this grouping manually based on your existing data logic.
--- New items created through the updated CMS logic will automatically get grouped.

package/supabase/migrations/20250521143933_seed_homepage_and_nav.sql

@@ -1,52 +0,0 @@
--- supabase/migrations/YYYYMMDDHHMMSS_seed_homepage_and_nav.sql
--- Replace YYYYMMDDHHMMSS with the actual timestamp, e.g., 20250521100000
-
-DO $$
-DECLARE
-  en_lang_id BIGINT;
-  fr_lang_id BIGINT;
-  admin_user_id UUID;
-  home_page_translation_group UUID;
-  home_nav_translation_group UUID;
-  en_home_page_id BIGINT;
-  fr_home_page_id BIGINT;
-BEGIN
-  -- Get language IDs
-  SELECT id INTO en_lang_id FROM public.languages WHERE code = 'en' LIMIT 1;
-  SELECT id INTO fr_lang_id FROM public.languages WHERE code = 'fr' LIMIT 1;
-
-  -- Get an admin user ID to set as author (optional, fallback to NULL)
-  SELECT id INTO admin_user_id FROM public.profiles WHERE role = 'ADMIN' LIMIT 1;
-
-  -- Check if languages were found
-  IF en_lang_id IS NULL THEN
-    RAISE EXCEPTION 'English language (en) not found. Please seed languages first.';
-  END IF;
-  IF fr_lang_id IS NULL THEN
-    RAISE EXCEPTION 'French language (fr) not found. Please seed languages first.';
-  END IF;
-
-  -- Generate translation group UUIDs
-  home_page_translation_group := gen_random_uuid();
-  home_nav_translation_group := gen_random_uuid();
-
-  -- Seed English Homepage
-  INSERT INTO public.pages (language_id, author_id, title, slug, status, meta_title, meta_description, translation_group_id)
-  VALUES (en_lang_id, admin_user_id, 'Home', 'home', 'published', 'Homepage', 'This is the homepage.', home_page_translation_group)
-  RETURNING id INTO en_home_page_id;
-
-  -- Seed French Homepage (Accueil)
-  INSERT INTO public.pages (language_id, author_id, title, slug, status, meta_title, meta_description, translation_group_id)
-  VALUES (fr_lang_id, admin_user_id, 'Accueil', 'accueil', 'published', 'Page d''accueil', 'Ceci est la page d''accueil.', home_page_translation_group)
-  RETURNING id INTO fr_home_page_id;
-
-  -- Seed English Navigation Item for Homepage (linked to the English page, but URL is root)
-  INSERT INTO public.navigation_items (language_id, menu_key, label, url, "order", page_id, translation_group_id)
-  VALUES (en_lang_id, 'HEADER', 'Home', '/', 0, en_home_page_id, home_nav_translation_group);
-
-  -- Seed French Navigation Item for Homepage (linked to the French page, but URL is root)
-  INSERT INTO public.navigation_items (language_id, menu_key, label, url, "order", page_id, translation_group_id)
-  VALUES (fr_lang_id, 'HEADER', 'Accueil', '/', 0, fr_home_page_id, home_nav_translation_group);
-
-  RAISE NOTICE 'Homepage and navigation links seeded for EN and FR.';
-END $$;

package/supabase/migrations/20250523145833_add_feature_image_to_posts.sql

@@ -1,8 +0,0 @@
-ALTER TABLE public.posts
-ADD COLUMN feature_image_id UUID,
-ADD CONSTRAINT fk_feature_image
-    FOREIGN KEY (feature_image_id)
-    REFERENCES public.media(id)
-    ON DELETE SET NULL;
-
-COMMENT ON COLUMN public.posts.feature_image_id IS 'ID of the media item to be used as the post''s feature image.';

package/supabase/migrations/20250523151737_add_rls_to_media_table.sql

@@ -1,18 +0,0 @@
--- Drop existing policies if they exist, then recreate them.
-
--- Policy for public read access
-DROP POLICY IF EXISTS "media_are_publicly_readable" ON public.media;
-
-CREATE POLICY "media_are_publicly_readable"
-ON public.media FOR SELECT
-TO anon, authenticated
-USING (true);
-
--- Policy for admin/writer management
-DROP POLICY IF EXISTS "admins_and_writers_can_manage_media" ON public.media;
-
-CREATE POLICY "admins_and_writers_can_manage_media"
-ON public.media FOR ALL
-TO authenticated
-USING (public.get_current_user_role() IN ('ADMIN', 'WRITER'))
-WITH CHECK (public.get_current_user_role() IN ('ADMIN', 'WRITER'));

package/supabase/migrations/20250526110400_add_image_dimensions_to_media.sql

@@ -1,14 +0,0 @@
-ALTER TABLE public.media
-ADD COLUMN width INTEGER,
-ADD COLUMN height INTEGER;
-
--- Optional: Add a comment to describe the new columns
-COMMENT ON COLUMN public.media.width IS 'Width of the image in pixels.';
-COMMENT ON COLUMN public.media.height IS 'Height of the image in pixels.';
-
--- Backfill existing image media with nulls, or you might want to run a script later to populate them if possible
--- For now, they will be NULL by default.
-
--- Re-apply RLS policies if necessary, though ADD COLUMN usually doesn't require it unless policies are column-specific
--- and these new columns need to be included or excluded.
--- For simplicity, assuming existing policies are fine.

package/supabase/migrations/20250526153321_optimize_rls_policies.sql

@@ -1,188 +0,0 @@
--- supabase/migrations/YYYYMMDDHHMMSS_optimize_rls_policies_v2.sql
--- Replace YYYYMMDDHHMMSS with the actual timestamp of this migration file.
-
-BEGIN;
-
--- == PROFILES ==
-DROP POLICY IF EXISTS "users_can_select_own_profile" ON public.profiles;
-DROP POLICY IF EXISTS "users_can_update_own_profile" ON public.profiles;
-DROP POLICY IF EXISTS "admins_can_select_any_profile" ON public.profiles;
-DROP POLICY IF EXISTS "admins_can_update_any_profile" ON public.profiles;
-
-CREATE POLICY "authenticated_can_read_profiles" ON public.profiles
-  FOR SELECT
-  TO authenticated
-  USING (
-    (id = (SELECT auth.uid())) OR
-    (public.get_current_user_role() = 'ADMIN')
-  );
-COMMENT ON POLICY "authenticated_can_read_profiles" ON public.profiles IS 'Authenticated users can read their own profile, and admins can read any profile.';
-
-CREATE POLICY "authenticated_can_update_profiles" ON public.profiles
-  FOR UPDATE
-  TO authenticated
-  USING (
-    (id = (SELECT auth.uid())) OR
-    (public.get_current_user_role() = 'ADMIN')
-  )
-  WITH CHECK (
-    (id = (SELECT auth.uid())) OR
-    (public.get_current_user_role() = 'ADMIN')
-  );
-COMMENT ON POLICY "authenticated_can_update_profiles" ON public.profiles IS 'Authenticated users can update their own profile, and admins can update any profile.';
-
--- Ensure admin insert policy is present and correct (it typically uses WITH CHECK on the role, not USING for insert)
-DROP POLICY IF EXISTS "admins_can_insert_profiles" ON public.profiles;
-CREATE POLICY "admins_can_insert_profiles" ON public.profiles
-    FOR INSERT TO authenticated
-    WITH CHECK (public.get_current_user_role() = 'ADMIN');
-COMMENT ON POLICY "admins_can_insert_profiles" ON public.profiles IS 'Admin users can insert new profiles.';
-
-
--- == PAGES ==
-DROP POLICY IF EXISTS "pages_are_publicly_readable_when_published" ON public.pages;
-DROP POLICY IF EXISTS "authors_writers_admins_can_read_own_drafts" ON public.pages;
-DROP POLICY IF EXISTS "authors_writers_admins_can_read_own_or_all_drafts" ON public.pages;
-DROP POLICY IF EXISTS "admins_and_writers_can_manage_pages" ON public.pages;
-
-CREATE POLICY "pages_anon_can_read_published" ON public.pages
-  FOR SELECT
-  TO anon
-  USING (status = 'published');
-COMMENT ON POLICY "pages_anon_can_read_published" ON public.pages IS 'Anonymous users can read published pages.';
-
-CREATE POLICY "pages_authenticated_access" ON public.pages
-  FOR SELECT
-  TO authenticated
-  USING (
-    (status = 'published') OR
-    (author_id = (SELECT auth.uid()) AND status <> 'published') OR
-    (public.get_current_user_role() IN ('ADMIN', 'WRITER'))
-  );
-COMMENT ON POLICY "pages_authenticated_access" ON public.pages IS 'Authenticated users can read published pages, their own drafts, or all pages if admin/writer.';
-
-CREATE POLICY "pages_admin_writer_management" ON public.pages
-  FOR ALL -- Changed from INSERT, UPDATE, DELETE
-  TO authenticated
-  USING (public.get_current_user_role() IN ('ADMIN', 'WRITER'))
-  WITH CHECK (public.get_current_user_role() IN ('ADMIN', 'WRITER'));
-COMMENT ON POLICY "pages_admin_writer_management" ON public.pages IS 'Admins and Writers can manage pages.';
-
-
--- == POSTS ==
-DROP POLICY IF EXISTS "posts_are_publicly_readable_when_published" ON public.posts;
-DROP POLICY IF EXISTS "authors_writers_admins_can_read_own_draft_posts" ON public.posts;
-DROP POLICY IF EXISTS "authors_writers_admins_can_read_own_or_all_draft_posts" ON public.posts;
-DROP POLICY IF EXISTS "admins_and_writers_can_manage_posts" ON public.posts;
-
-CREATE POLICY "posts_anon_can_read_published" ON public.posts
-  FOR SELECT
-  TO anon
-  USING (status = 'published' AND (published_at IS NULL OR published_at <= now()));
-COMMENT ON POLICY "posts_anon_can_read_published" ON public.posts IS 'Anonymous users can read published posts.';
-
-CREATE POLICY "posts_authenticated_access" ON public.posts
-  FOR SELECT
-  TO authenticated
-  USING (
-    (status = 'published' AND (published_at IS NULL OR published_at <= now())) OR
-    (author_id = (SELECT auth.uid()) AND status <> 'published') OR
-    (public.get_current_user_role() IN ('ADMIN', 'WRITER'))
-  );
-COMMENT ON POLICY "posts_authenticated_access" ON public.posts IS 'Authenticated users can read published posts, their own drafts, or all posts if admin/writer.';
-
-CREATE POLICY "posts_admin_writer_management" ON public.posts
-  FOR ALL -- Changed from INSERT, UPDATE, DELETE
-  TO authenticated
-  USING (public.get_current_user_role() IN ('ADMIN', 'WRITER'))
-  WITH CHECK (public.get_current_user_role() IN ('ADMIN', 'WRITER'));
-COMMENT ON POLICY "posts_admin_writer_management" ON public.posts IS 'Admins and Writers can manage posts.';
-
-
--- == BLOCKS ==
-DROP POLICY IF EXISTS "blocks_are_readable_if_parent_is_published" ON public.blocks;
-DROP POLICY IF EXISTS "admins_and_writers_can_manage_blocks" ON public.blocks;
-
-CREATE POLICY "blocks_anon_can_read_published" ON public.blocks
-  FOR SELECT
-  TO anon
-  USING (
-    (page_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.pages p WHERE p.id = blocks.page_id AND p.status = 'published')) OR
-    (post_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.posts pt WHERE pt.id = blocks.post_id AND pt.status = 'published' AND (pt.published_at IS NULL OR pt.published_at <= now())))
-  );
-COMMENT ON POLICY "blocks_anon_can_read_published" ON public.blocks IS 'Anonymous users can read blocks of published parent pages/posts.';
-
-CREATE POLICY "blocks_authenticated_access" ON public.blocks
-  FOR SELECT
-  TO authenticated
-  USING (
-    (public.get_current_user_role() IN ('ADMIN', 'WRITER')) OR
-    (
-      (public.get_current_user_role() = 'USER') AND (
-        (page_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.pages p WHERE p.id = blocks.page_id AND p.status = 'published')) OR
-        (post_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.posts pt WHERE pt.id = blocks.post_id AND pt.status = 'published' AND (pt.published_at IS NULL OR pt.published_at <= now())))
-      )
-    )
-  );
-COMMENT ON POLICY "blocks_authenticated_access" ON public.blocks IS 'Admins/Writers can read all blocks; Users can read blocks of published parents.';
-
-CREATE POLICY "blocks_admin_writer_management" ON public.blocks
-  FOR ALL -- Changed from INSERT, UPDATE, DELETE
-  TO authenticated
-  USING (public.get_current_user_role() IN ('ADMIN', 'WRITER'))
-  WITH CHECK (public.get_current_user_role() IN ('ADMIN', 'WRITER'));
-COMMENT ON POLICY "blocks_admin_writer_management" ON public.blocks IS 'Admins and Writers can manage blocks.';
-
-
--- == LANGUAGES ==
-DROP POLICY IF EXISTS "languages_are_publicly_readable" ON public.languages;
-DROP POLICY IF EXISTS "admins_can_manage_languages" ON public.languages;
-
-CREATE POLICY "languages_are_publicly_readable_by_all" ON public.languages
-  FOR SELECT
-  USING (true);
-COMMENT ON POLICY "languages_are_publicly_readable_by_all" ON public.languages IS 'All users (anon and authenticated) can read languages.';
-
-CREATE POLICY "languages_admin_management" ON public.languages
-  FOR ALL -- Changed from INSERT, UPDATE, DELETE
-  TO authenticated
-  USING (public.get_current_user_role() = 'ADMIN')
-  WITH CHECK (public.get_current_user_role() = 'ADMIN');
-COMMENT ON POLICY "languages_admin_management" ON public.languages IS 'Admins can manage languages.';
-
-
--- == MEDIA ==
-DROP POLICY IF EXISTS "media_is_readable_by_all" ON public.media;
-DROP POLICY IF EXISTS "media_are_publicly_readable" ON public.media;
-DROP POLICY IF EXISTS "admins_and_writers_can_manage_media" ON public.media;
-
-CREATE POLICY "media_is_publicly_readable_by_all" ON public.media
-  FOR SELECT
-  USING (true);
-COMMENT ON POLICY "media_is_publicly_readable_by_all" ON public.media IS 'All users (anon and authenticated) can read media records.';
-
-CREATE POLICY "media_admin_writer_management" ON public.media
-  FOR ALL -- Changed from INSERT, UPDATE, DELETE
-  TO authenticated
-  USING (public.get_current_user_role() IN ('ADMIN', 'WRITER'))
-  WITH CHECK (public.get_current_user_role() IN ('ADMIN', 'WRITER'));
-COMMENT ON POLICY "media_admin_writer_management" ON public.media IS 'Admins and Writers can manage media records.';
-
-
--- == NAVIGATION ITEMS ==
-DROP POLICY IF EXISTS "navigation_is_publicly_readable" ON public.navigation_items;
-DROP POLICY IF EXISTS "admins_can_manage_navigation" ON public.navigation_items;
-
-CREATE POLICY "nav_items_are_publicly_readable_by_all" ON public.navigation_items
-  FOR SELECT
-  USING (true);
-COMMENT ON POLICY "nav_items_are_publicly_readable_by_all" ON public.navigation_items IS 'All users (anon and authenticated) can read navigation items.';
-
-CREATE POLICY "nav_items_admin_management" ON public.navigation_items
-  FOR ALL -- Changed from INSERT, UPDATE, DELETE
-  TO authenticated
-  USING (public.get_current_user_role() = 'ADMIN')
-  WITH CHECK (public.get_current_user_role() = 'ADMIN');
-COMMENT ON POLICY "nav_items_admin_management" ON public.navigation_items IS 'Admins can manage navigation items.';
-
-COMMIT;

package/supabase/migrations/20250526172513_resolve_select_policy_overlaps.sql

@@ -1,96 +0,0 @@
--- supabase/migrations/YYYYMMDDHHMMSS_resolve_select_policy_overlaps.sql
--- (Ensure YYYYMMDDHHMMSS is the current timestamp)
-
-BEGIN;
-
--- == BLOCKS ==
--- Assuming "blocks_admin_writer_management" is FOR ALL and covers SELECT for ADMIN/WRITER.
--- Make "blocks_authenticated_access" specific to non-ADMIN/WRITER authenticated users.
-DROP POLICY IF EXISTS "blocks_authenticated_access" ON public.blocks;
-CREATE POLICY "blocks_authenticated_user_access" ON public.blocks -- Renamed for clarity
-  FOR SELECT
-  TO authenticated
-  USING (
-    (public.get_current_user_role() NOT IN ('ADMIN', 'WRITER')) AND -- This is the key change
-    (
-      (page_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.pages p WHERE p.id = blocks.page_id AND p.status = 'published')) OR
-      (post_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.posts pt WHERE pt.id = blocks.post_id AND pt.status = 'published' AND (pt.published_at IS NULL OR pt.published_at <= now())))
-    )
-  );
-COMMENT ON POLICY "blocks_authenticated_user_access" ON public.blocks IS 'Authenticated USERS (non-admin/writer) can read blocks of published parents. Admin/Writer SELECT via their management policy.';
--- Note: "blocks_anon_can_read_published" (FOR SELECT TO anon) should remain unchanged.
--- Note: "blocks_admin_writer_management" (FOR ALL TO authenticated USING role IN (ADMIN,WRITER)) should remain unchanged.
-
--- == LANGUAGES ==
--- Assuming "languages_admin_management" is FOR ALL and covers SELECT for ADMIN.
--- Make "languages_are_publicly_readable_by_all" not apply to authenticated ADMINs.
-DROP POLICY IF EXISTS "languages_are_publicly_readable_by_all" ON public.languages;
-CREATE POLICY "languages_readable_by_anon_and_non_admins" ON public.languages -- Renamed
-  FOR SELECT
-  USING (
-    NOT (auth.role() = 'authenticated' AND public.get_current_user_role() = 'ADMIN')
-  );
-COMMENT ON POLICY "languages_readable_by_anon_and_non_admins" ON public.languages IS 'Anonymous users and authenticated non-admins can read languages. Admin SELECT via management policy.';
--- Note: "languages_admin_management" (FOR ALL TO authenticated USING role = ADMIN) should remain unchanged.
-
--- == MEDIA ==
--- Assuming "media_admin_writer_management" is FOR ALL and covers SELECT for ADMIN/WRITER.
--- Make "media_is_publicly_readable_by_all" not apply to authenticated ADMIN/WRITERs.
-DROP POLICY IF EXISTS "media_is_publicly_readable_by_all" ON public.media;
-CREATE POLICY "media_readable_by_anon_and_non_privileged_users" ON public.media -- Renamed
-  FOR SELECT
-  USING (
-    NOT (auth.role() = 'authenticated' AND public.get_current_user_role() IN ('ADMIN', 'WRITER'))
-  );
-COMMENT ON POLICY "media_readable_by_anon_and_non_privileged_users" ON public.media IS 'Anonymous users and authenticated non-admin/writer users can read media. Admin/Writer SELECT via management policy.';
--- Note: "media_admin_writer_management" (FOR ALL TO authenticated USING role IN (ADMIN,WRITER)) should remain unchanged.
-
--- == NAVIGATION ITEMS ==
--- Assuming "nav_items_admin_management" is FOR ALL and covers SELECT for ADMIN.
--- Make "nav_items_are_publicly_readable_by_all" not apply to authenticated ADMINs.
-DROP POLICY IF EXISTS "nav_items_are_publicly_readable_by_all" ON public.navigation_items;
-CREATE POLICY "nav_items_readable_by_anon_and_non_admins" ON public.navigation_items -- Renamed
-  FOR SELECT
-  USING (
-    NOT (auth.role() = 'authenticated' AND public.get_current_user_role() = 'ADMIN')
-  );
-COMMENT ON POLICY "nav_items_readable_by_anon_and_non_admins" ON public.navigation_items IS 'Anonymous users and authenticated non-admins can read nav items. Admin SELECT via management policy.';
--- Note: "nav_items_admin_management" (FOR ALL TO authenticated USING role = ADMIN) should remain unchanged.
-
--- == PAGES ==
--- Assuming "pages_admin_writer_management" is FOR ALL and covers SELECT for ADMIN/WRITER.
--- Make "pages_authenticated_access" specific to non-ADMIN/WRITER authenticated users.
-DROP POLICY IF EXISTS "pages_authenticated_access" ON public.pages;
-CREATE POLICY "pages_user_authenticated_access" ON public.pages -- Renamed
-  FOR SELECT
-  TO authenticated
-  USING (
-    (public.get_current_user_role() NOT IN ('ADMIN', 'WRITER')) AND -- This is the key change
-    (
-      (status = 'published') OR
-      (author_id = (SELECT auth.uid()) AND status <> 'published')
-    )
-  );
-COMMENT ON POLICY "pages_user_authenticated_access" ON public.pages IS 'Authenticated USERS (non-admin/writer) can read published pages or their own drafts. Admin/Writer SELECT via their management policy.';
--- Note: "pages_anon_can_read_published" (FOR SELECT TO anon) should remain unchanged.
--- Note: "pages_admin_writer_management" (FOR ALL TO authenticated USING role IN (ADMIN,WRITER)) should remain unchanged.
-
--- == POSTS ==
--- Assuming "posts_admin_writer_management" is FOR ALL and covers SELECT for ADMIN/WRITER.
--- Make "posts_authenticated_access" specific to non-ADMIN/WRITER authenticated users.
-DROP POLICY IF EXISTS "posts_authenticated_access" ON public.posts;
-CREATE POLICY "posts_user_authenticated_access" ON public.posts -- Renamed
-  FOR SELECT
-  TO authenticated
-  USING (
-    (public.get_current_user_role() NOT IN ('ADMIN', 'WRITER')) AND -- This is the key change
-    (
-      (status = 'published' AND (published_at IS NULL OR published_at <= now())) OR
-      (author_id = (SELECT auth.uid()) AND status <> 'published')
-    )
-  );
-COMMENT ON POLICY "posts_user_authenticated_access" ON public.posts IS 'Authenticated USERS (non-admin/writer) can read published posts or their own drafts. Admin/Writer SELECT via their management policy.';
--- Note: "posts_anon_can_read_published" (FOR SELECT TO anon) should remain unchanged.
--- Note: "posts_admin_writer_management" (FOR ALL TO authenticated USING role IN (ADMIN,WRITER)) should remain unchanged.
-
-COMMIT;

package/supabase/migrations/20250526172853_resolve_remaining_rls_v5.sql

@@ -1,107 +0,0 @@
--- supabase/migrations/YYYYMMDDHHMMSS_resolve_remaining_rls_v5.sql
--- (Ensure YYYYMMDDHHMMSS is the current timestamp)
-
-BEGIN;
-
--- == LANGUAGES ==
--- Drop the policy from v4 that needs auth.role() fix and better role targeting.
-DROP POLICY IF EXISTS "languages_readable_by_anon_and_non_admins" ON public.languages;
--- Policy for anon
-CREATE POLICY "languages_anon_can_read" ON public.languages
-  FOR SELECT TO anon USING (true);
-COMMENT ON POLICY "languages_anon_can_read" ON public.languages IS 'Anonymous users can read languages.';
--- Policy for authenticated USERS (non-admins)
-CREATE POLICY "languages_user_can_read" ON public.languages
-  FOR SELECT TO authenticated
-  USING (public.get_current_user_role() <> 'ADMIN'); -- Allows USER and WRITER (if writer isn't admin)
-COMMENT ON POLICY "languages_user_can_read" ON public.languages IS 'Authenticated non-admin users can read languages.';
--- "languages_admin_management" (FOR ALL TO authenticated USING role = ADMIN) is assumed to be current and handles admin SELECT.
-
-
--- == MEDIA ==
--- Drop the policy from v4
-DROP POLICY IF EXISTS "media_readable_by_anon_and_non_privileged_users" ON public.media;
--- Policy for anon
-CREATE POLICY "media_anon_can_read" ON public.media
-  FOR SELECT TO anon USING (true);
-COMMENT ON POLICY "media_anon_can_read" ON public.media IS 'Anonymous users can read media records.';
--- Policy for authenticated USERS (non-admin/writer)
-CREATE POLICY "media_user_can_read" ON public.media
-  FOR SELECT TO authenticated
-  USING (public.get_current_user_role() NOT IN ('ADMIN', 'WRITER'));
-COMMENT ON POLICY "media_user_can_read" ON public.media IS 'Authenticated USERS (non-admin/writer) can read media records.';
--- "media_admin_writer_management" (FOR ALL TO authenticated USING role IN (ADMIN,WRITER)) is assumed current.
-
-
--- == NAVIGATION ITEMS ==
--- Drop the policy from v4
-DROP POLICY IF EXISTS "nav_items_readable_by_anon_and_non_admins" ON public.navigation_items;
--- Policy for anon
-CREATE POLICY "nav_items_anon_can_read" ON public.navigation_items
-  FOR SELECT TO anon USING (true);
-COMMENT ON POLICY "nav_items_anon_can_read" ON public.navigation_items IS 'Anonymous users can read navigation items.';
--- Policy for authenticated USERS (non-admins)
-CREATE POLICY "nav_items_user_can_read" ON public.navigation_items
-  FOR SELECT TO authenticated
-  USING (public.get_current_user_role() <> 'ADMIN'); -- Allows USER and WRITER
-COMMENT ON POLICY "nav_items_user_can_read" ON public.navigation_items IS 'Authenticated non-admin users can read navigation items.';
--- "nav_items_admin_management" (FOR ALL TO authenticated USING role = ADMIN) is assumed current.
-
-
--- == BLOCKS ==
--- Drop the "blocks_authenticated_user_access" from v4
-DROP POLICY IF EXISTS "blocks_authenticated_user_access" ON public.blocks;
--- Recreate explicitly for USER role to avoid overlap with admin/writer FOR ALL policy
-CREATE POLICY "blocks_user_role_can_read_published_parents" ON public.blocks
-  FOR SELECT
-  TO authenticated
-  USING (
-    (public.get_current_user_role() = 'USER') AND
-    (
-      (page_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.pages p WHERE p.id = blocks.page_id AND p.status = 'published')) OR
-      (post_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.posts pt WHERE pt.id = blocks.post_id AND pt.status = 'published' AND (pt.published_at IS NULL OR pt.published_at <= now())))
-    )
-  );
-COMMENT ON POLICY "blocks_user_role_can_read_published_parents" ON public.blocks IS 'Authenticated USERS can read blocks of published parents. Admin/Writer SELECT via their management policy.';
--- "blocks_anon_can_read_published" (FOR SELECT TO anon) from previous migrations is assumed to be fine.
--- "blocks_admin_writer_management" (FOR ALL TO authenticated USING role IN (ADMIN,WRITER)) is assumed current.
-
-
--- == PAGES ==
--- Drop "pages_user_authenticated_access" from v4
-DROP POLICY IF EXISTS "pages_user_authenticated_access" ON public.pages;
--- Recreate explicitly for USER role
-CREATE POLICY "pages_user_role_access" ON public.pages
-  FOR SELECT
-  TO authenticated
-  USING (
-    (public.get_current_user_role() = 'USER') AND
-    (
-      (status = 'published') OR
-      (author_id = (SELECT auth.uid()) AND status <> 'published') -- auth.uid() is fine here as it's specific to USER
-    )
-  );
-COMMENT ON POLICY "pages_user_role_access" ON public.pages IS 'Authenticated USERS can read published pages or their own drafts. Admin/Writer SELECT via their management policy.';
--- "pages_anon_can_read_published" (FOR SELECT TO anon) is assumed fine.
--- "pages_admin_writer_management" (FOR ALL TO authenticated USING role IN (ADMIN,WRITER)) is assumed current.
-
--- == POSTS ==
--- Drop "posts_user_authenticated_access" from v4
-DROP POLICY IF EXISTS "posts_user_authenticated_access" ON public.posts;
--- Recreate explicitly for USER role
-CREATE POLICY "posts_user_role_access" ON public.posts
-  FOR SELECT
-  TO authenticated
-  USING (
-    (public.get_current_user_role() = 'USER') AND
-    (
-      (status = 'published' AND (published_at IS NULL OR published_at <= now())) OR
-      (author_id = (SELECT auth.uid()) AND status <> 'published') -- auth.uid() is fine here
-    )
-  );
-COMMENT ON POLICY "posts_user_role_access" ON public.posts IS 'Authenticated USERS can read published posts or their own drafts. Admin/Writer SELECT via their management policy.';
--- "posts_anon_can_read_published" (FOR SELECT TO anon) is assumed fine.
--- "posts_admin_writer_management" (FOR ALL TO authenticated USING role IN (ADMIN,WRITER)) is assumed current.
-
-
-COMMIT;