npm - @nextblock-cms/db - Versions diffs - 0.2.27 → 0.2.29 - Mend

@nextblock-cms/db 0.2.27 → 0.2.29

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (87) hide show

package/supabase/migrations/20250526191217_consolidate_blocks_select_rls.sql DELETED Viewed

@@ -1,79 +0,0 @@
--- supabase/migrations/YYYYMMDDHHMMSS_consolidate_blocks_select_rls.sql
--- (Replace YYYYMMDDHHMMSS with the actual timestamp of this migration file)
-BEGIN;
--- Drop existing policies for 'public.blocks' that will be replaced or refined.
--- This includes the broad "FOR ALL" policy and the specific "USER" SELECT policy
--- created in the previous debug migration.
-DROP POLICY IF EXISTS "blocks_admin_writer_management_reinstated" ON public.blocks;
-DROP POLICY IF EXISTS "blocks_auth_users_can_read_published_parents" ON public.blocks;
--- The "blocks_anon_can_read_published_content" policy can remain as it targets 'anon'
--- and does not conflict with 'authenticated' role policies for the linter's warning.
--- However, if you wish to have a completely clean slate before adding the consolidated one,
--- you can drop and re-add it. For this exercise, we'll assume it's fine and already specific.
--- If it was named "blocks_anon_can_read_published" from 20250526153321_optimize_rls_policies.sql:
--- DROP POLICY IF EXISTS "blocks_anon_can_read_published" ON public.blocks;
--- Or if it was "blocks_are_readable_if_parent_is_published" from 20250514171553_create_blocks_table.sql:
--- DROP POLICY IF EXISTS "blocks_are_readable_if_parent_is_published" ON public.blocks;
--- Re-creating the anon policy for clarity and to ensure it's exactly as needed:
-DROP POLICY IF EXISTS "blocks_anon_can_read_published_content" ON public.blocks; -- From debug migration
-DROP POLICY IF EXISTS "blocks_anon_can_read_published" ON public.blocks; -- From optimize_rls_policies
-DROP POLICY IF EXISTS "blocks_are_readable_if_parent_is_published" ON public.blocks; -- From initial table creation
-CREATE POLICY "blocks_anon_can_read_published_blocks" ON public.blocks
-  FOR SELECT
-  TO anon
-  USING (
-    (page_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.pages p WHERE p.id = blocks.page_id AND p.status = 'published')) OR
-    (post_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.posts pt WHERE pt.id = blocks.post_id AND pt.status = 'published' AND (pt.published_at IS NULL OR pt.published_at <= now())))
-  );
-COMMENT ON POLICY "blocks_anon_can_read_published_blocks" ON public.blocks IS 'Anonymous users can read blocks of published parent content.';
--- Create a single, comprehensive SELECT policy for ALL authenticated users on blocks
-CREATE POLICY "blocks_authenticated_comprehensive_select" ON public.blocks
-  FOR SELECT
-  TO authenticated
-  USING (
-    (
-      -- Condition for ADMIN or WRITER: they can read ALL blocks
-      (SELECT public.get_current_user_role()) IN ('ADMIN', 'WRITER')
-    ) OR
-    (
-      -- Condition for USER: they can read blocks of published parents
-      ((SELECT public.get_current_user_role()) = 'USER') AND
-      (
-        (page_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.pages p WHERE p.id = blocks.page_id AND p.status = 'published')) OR
-        (post_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.posts pt WHERE pt.id = blocks.post_id AND pt.status = 'published' AND (pt.published_at IS NULL OR pt.published_at <= now())))
-      )
-    )
-  );
-COMMENT ON POLICY "blocks_authenticated_comprehensive_select" ON public.blocks IS 'Comprehensive SELECT policy for authenticated users on the blocks table, differentiating access by role (ADMIN/WRITER see all, USER sees blocks of published parents).';
--- Re-add the specific management policies for INSERT, UPDATE, DELETE for ADMIN/WRITER.
--- These only have WITH CHECK (for INSERT/UPDATE) or USING (for DELETE/UPDATE) based on role.
--- These were the ones created in 20250526174710_separate_write_policies_v8.sql and are fine.
-CREATE POLICY "blocks_admin_writer_can_insert" ON public.blocks
-  FOR INSERT
-  TO authenticated
-  WITH CHECK ((SELECT public.get_current_user_role()) IN ('ADMIN', 'WRITER'));
-COMMENT ON POLICY "blocks_admin_writer_can_insert" ON public.blocks IS 'Admins/Writers can insert blocks.';
-CREATE POLICY "blocks_admin_writer_can_update" ON public.blocks
-  FOR UPDATE
-  TO authenticated
-  USING ((SELECT public.get_current_user_role()) IN ('ADMIN', 'WRITER')) -- Who can be targeted by an update
-  WITH CHECK ((SELECT public.get_current_user_role()) IN ('ADMIN', 'WRITER')); -- What rows can be created/modified by them
-COMMENT ON POLICY "blocks_admin_writer_can_update" ON public.blocks IS 'Admins/Writers can update blocks.';
-CREATE POLICY "blocks_admin_writer_can_delete" ON public.blocks
-  FOR DELETE
-  TO authenticated
-  USING ((SELECT public.get_current_user_role()) IN ('ADMIN', 'WRITER'));
-COMMENT ON POLICY "blocks_admin_writer_can_delete" ON public.blocks IS 'Admins/Writers can delete blocks.';
-COMMIT;

package/supabase/migrations/20250526192822_fix_handle_languages_update_search_path.sql DELETED Viewed

@@ -1,32 +0,0 @@
--- supabase/migrations/YYYYMMDDHHMMSS_fix_handle_languages_update_search_path.sql
--- (Replace YYYYMMDDHHMMSS with the actual timestamp of this migration file)
-BEGIN;
--- Step 1: Drop the existing trigger that depends on the function.
-DROP TRIGGER IF EXISTS on_languages_update ON public.languages;
--- Step 2: Now it's safe to drop and recreate the function.
-DROP FUNCTION IF EXISTS public.handle_languages_update();
-CREATE OR REPLACE FUNCTION public.handle_languages_update()
-RETURNS TRIGGER
-LANGUAGE plpgsql
-SECURITY DEFINER -- Explicitly set security context
-SET search_path = public -- Explicitly set search_path
-AS $$
-BEGIN
-  NEW.updated_at = now();
-  RETURN NEW;
-END;
-$$;
-COMMENT ON FUNCTION public.handle_languages_update() IS 'Sets updated_at timestamp on language update. Includes explicit search_path and security definer.';
--- Step 3: Re-create the trigger to use the updated function.
-CREATE TRIGGER on_languages_update
-  BEFORE UPDATE ON public.languages
-  FOR EACH ROW
-  EXECUTE PROCEDURE public.handle_languages_update();
-COMMIT;

package/supabase/migrations/20250527150500_fix_blocks_rls_policy.sql DELETED Viewed

@@ -1,54 +0,0 @@
--- Fix blocks RLS policy to resolve joined query issues
--- Replace public.get_current_user_role() with direct EXISTS queries
-BEGIN;
--- Drop the existing comprehensive SELECT policy that uses the problematic function
-DROP POLICY IF EXISTS "blocks_authenticated_comprehensive_select" ON public.blocks;
--- Drop the existing management policies that use the problematic function
-DROP POLICY IF EXISTS "blocks_admin_writer_can_insert" ON public.blocks;
-DROP POLICY IF EXISTS "blocks_admin_writer_can_update" ON public.blocks;
-DROP POLICY IF EXISTS "blocks_admin_writer_can_delete" ON public.blocks;
--- Create a new comprehensive SELECT policy using direct EXISTS queries
-CREATE POLICY "blocks_authenticated_comprehensive_select" ON public.blocks
-  FOR SELECT
-  TO authenticated
-  USING (
-    (
-      -- Condition for ADMIN or WRITER: they can read ALL blocks
-      EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role IN ('ADMIN', 'WRITER'))
-    ) OR
-    (
-      -- Condition for USER: they can read blocks of published parents
-      EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role = 'USER') AND
-      (
-        (page_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.pages p WHERE p.id = blocks.page_id AND p.status = 'published')) OR
-        (post_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.posts pt WHERE pt.id = blocks.post_id AND pt.status = 'published' AND (pt.published_at IS NULL OR pt.published_at <= now())))
-      )
-    )
-  );
-COMMENT ON POLICY "blocks_authenticated_comprehensive_select" ON public.blocks IS 'Comprehensive SELECT policy for authenticated users on the blocks table, differentiating access by role (ADMIN/WRITER see all, USER sees blocks of published parents). Uses direct EXISTS queries to avoid function call issues in joined queries.';
--- Re-create the management policies using direct EXISTS queries
-CREATE POLICY "blocks_admin_writer_can_insert" ON public.blocks
-  FOR INSERT
-  TO authenticated
-  WITH CHECK (EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role IN ('ADMIN', 'WRITER')));
-COMMENT ON POLICY "blocks_admin_writer_can_insert" ON public.blocks IS 'Admins/Writers can insert blocks.';
-CREATE POLICY "blocks_admin_writer_can_update" ON public.blocks
-  FOR UPDATE
-  TO authenticated
-  USING (EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role IN ('ADMIN', 'WRITER'))) -- Who can be targeted by an update
-  WITH CHECK (EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role IN ('ADMIN', 'WRITER'))); -- What rows can be created/modified by them
-COMMENT ON POLICY "blocks_admin_writer_can_update" ON public.blocks IS 'Admins/Writers can update blocks.';
-CREATE POLICY "blocks_admin_writer_can_delete" ON public.blocks
-  FOR DELETE
-  TO authenticated
-  USING (EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role IN ('ADMIN', 'WRITER')));
-COMMENT ON POLICY "blocks_admin_writer_can_delete" ON public.blocks IS 'Admins/Writers can delete blocks.';
-COMMIT;

package/supabase/migrations/20250602150602_add_blur_data_url_to_media.sql DELETED Viewed

@@ -1,4 +0,0 @@
-ALTER TABLE public.media
-ADD COLUMN blur_data_url TEXT NULL;
-COMMENT ON COLUMN public.media.blur_data_url IS 'Stores the base64 encoded string for image blur placeholders.';

package/supabase/migrations/20250602150959_add_variants_to_media.sql DELETED Viewed

@@ -1,4 +0,0 @@
-ALTER TABLE public.media
-ADD COLUMN variants JSONB NULL;
-COMMENT ON COLUMN public.media.variants IS 'Stores an array of image variant objects, including different sizes and formats.';

package/supabase/migrations/20250618124000_create_get_my_claim_function.sql DELETED Viewed

@@ -1,5 +0,0 @@
-CREATE OR REPLACE FUNCTION get_my_claim(claim TEXT)
-RETURNS JSONB AS $$
-  SET search_path = '';
-  SELECT COALESCE(current_setting('request.jwt.claims', true)::JSONB ->> claim, NULL)::JSONB
-$$ LANGUAGE SQL STABLE;

package/supabase/migrations/20250618124100_create_logos_table.sql DELETED Viewed

@@ -1,29 +0,0 @@
-CREATE TABLE public.logos (
-    id uuid NOT NULL DEFAULT gen_random_uuid(),
-    created_at timestamp with time zone NOT NULL DEFAULT now(),
-    name text NOT NULL,
-    media_id uuid,
-    CONSTRAINT logos_pkey PRIMARY KEY (id),
-    CONSTRAINT logos_media_id_fkey FOREIGN KEY (media_id) REFERENCES public.media(id) ON DELETE SET NULL
-);
-COMMENT ON TABLE public.logos IS 'Stores company and brand logos.';
-COMMENT ON COLUMN public.logos.name IS 'The name of the brand or company for the logo.';
-COMMENT ON COLUMN public.logos.media_id IS 'Foreign key to the media table for the logo image.';
-GRANT SELECT, INSERT, UPDATE, DELETE ON TABLE public.logos TO authenticated;
-ALTER TABLE public.logos ENABLE ROW LEVEL SECURITY;
-CREATE POLICY "Allow read access for authenticated users on logos"
-ON public.logos
-FOR SELECT
-TO authenticated
-USING (true);
-CREATE POLICY "Allow admin users to manage logos"
-ON public.logos
-FOR ALL
-TO authenticated
-USING (((SELECT get_my_claim('user_role'::text)) = '"admin"'::jsonb))
-WITH CHECK (((SELECT get_my_claim('user_role'::text)) = '"admin"'::jsonb));

package/supabase/migrations/20250618130000_fix_linter_warnings.sql DELETED Viewed

@@ -1,58 +0,0 @@
--- Fix multiple permissive policies on logos table
-DROP POLICY IF EXISTS "Allow admin users to manage logos" ON public.logos;
-DROP POLICY IF EXISTS "Allow read access for authenticated users on logos" ON public.logos;
-CREATE POLICY "Allow read access for authenticated users on logos"
-ON public.logos
-FOR SELECT
-TO authenticated
-USING (true);
-CREATE POLICY "Allow admin users to insert logos"
-ON public.logos
-FOR INSERT TO authenticated
-WITH CHECK ((get_my_claim('user_role'::text) = '"admin"'::jsonb));
-CREATE POLICY "Allow admin users to update logos"
-ON public.logos
-FOR UPDATE TO authenticated
-USING ((get_my_claim('user_role'::text) = '"admin"'::jsonb))
-WITH CHECK ((get_my_claim('user_role'::text) = '"admin"'::jsonb));
-CREATE POLICY "Allow admin users to delete logos"
-ON public.logos
-FOR DELETE TO authenticated
-USING ((get_my_claim('user_role'::text) = '"admin"'::jsonb));
--- Fix mutable search path for get_my_claim
-CREATE OR REPLACE FUNCTION get_my_claim(claim TEXT)
-RETURNS JSONB AS $$
-  SET search_path = '';
-  SELECT COALESCE(current_setting('request.jwt.claims', true)::JSONB ->> claim, NULL)::JSONB
-$$ LANGUAGE SQL STABLE;
--- Optimize RLS policies on blocks table
-DROP POLICY IF EXISTS "blocks_are_readable_if_parent_is_published" ON public.blocks;
-DROP POLICY IF EXISTS "admins_and_writers_can_manage_blocks" ON public.blocks;
-CREATE POLICY "blocks_are_readable_if_parent_is_published"
-ON public.blocks FOR SELECT
-TO anon, authenticated
-USING (
-  (page_id IS NOT NULL AND EXISTS (
-    SELECT 1
-    FROM public.pages p
-    WHERE p.id = blocks.page_id AND p.status = 'published'
-  )) OR
-  (post_id IS NOT NULL AND EXISTS (
-    SELECT 1
-    FROM public.posts pt
-    WHERE pt.id = blocks.post_id AND pt.status = 'published' AND (pt.published_at IS NULL OR pt.published_at <= now())
-  ))
-);
-CREATE POLICY "admins_and_writers_can_manage_blocks"
-ON public.blocks FOR ALL
-TO authenticated
-USING ((SELECT get_my_claim('user_role'::text)) IN ('"admin"', '"writer"'))
-WITH CHECK ((SELECT get_my_claim('user_role'::text)) IN ('"admin"', '"writer"'));

package/supabase/migrations/20250618151500_revert_storage_rls.sql DELETED Viewed

@@ -1,6 +0,0 @@
--- Reverts the RLS policies on storage.objects that caused the upload failure.
-DROP POLICY IF EXISTS "allow_authenticated_uploads" ON storage.objects;
-DROP POLICY IF EXISTS "allow_authenticated_select" ON storage.objects;
-DROP POLICY IF EXISTS "allow_authenticated_updates" ON storage.objects;
-DROP POLICY IF EXISTS "allow_authenticated_deletes" ON storage.objects;

package/supabase/migrations/20250619084800_reinstate_storage_rls.sql DELETED Viewed

@@ -1,13 +0,0 @@
--- Re-enables RLS policies for storage.objects to allow authenticated uploads.
--- Adds a policy allowing authenticated users to upload files
-CREATE POLICY "allow_authenticated_uploads" ON storage.objects FOR INSERT TO authenticated WITH CHECK (bucket_id = 'public' AND owner = auth.uid());
--- Allow authenticated users to SELECT files
-CREATE POLICY "allow_authenticated_select" ON storage.objects FOR SELECT TO authenticated USING (bucket_id = 'public');
--- Allow authenticated users to UPDATE their own files
-CREATE POLICY "allow_authenticated_updates" ON storage.objects FOR UPDATE TO authenticated USING (bucket_id = 'public' AND owner = auth.uid());
--- Allow authenticated users to DELETE their own files
-CREATE POLICY "allow_authenticated_deletes" ON storage.objects FOR DELETE TO authenticated USING (bucket_id = 'public' AND owner = auth.uid());

package/supabase/migrations/20250619092430_widen_logo_insert_policy.sql DELETED Viewed

@@ -1,6 +0,0 @@
-DROP POLICY IF EXISTS "Allow admins to manage logos" ON public.logos;
-CREATE POLICY "Allow admin and writer users to insert logos"
-ON public.logos
-FOR INSERT TO authenticated
-WITH CHECK ((get_my_claim('user_role'::text) IN ('"admin"'::jsonb, '"writer"'::jsonb)));

package/supabase/migrations/20250619093122_fix_get_my_claim_volatility.sql DELETED Viewed

@@ -1,5 +0,0 @@
-CREATE OR REPLACE FUNCTION get_my_claim(claim TEXT)
-RETURNS JSONB AS $$
-  SET search_path = '';
-  SELECT COALESCE(current_setting('request.jwt.claims', true)::JSONB ->> claim, NULL)::JSONB
-$$ LANGUAGE SQL VOLATILE;

package/supabase/migrations/20250619104249_consolidated_logo_rls_fix.sql DELETED Viewed

@@ -1,56 +0,0 @@
--- Step 1: Drop all dependent policies first.
-DROP POLICY IF EXISTS "Allow admins to manage logos" ON public.logos;
-DROP POLICY IF EXISTS "Allow users to insert logos" ON public.logos;
-DROP POLICY IF EXISTS "Allow logo insert for writers and admins" ON public.logos;
-DROP POLICY IF EXISTS "Allow logo update for admins" ON public.logos;
-DROP POLICY IF EXISTS "Allow logo delete for admins" ON public.logos;
--- Step 2: Drop the old function to avoid return type conflicts.
--- Note: It's critical to drop policies before the function they depend on.
-DROP FUNCTION IF EXISTS get_my_claim(text) CASCADE;
--- Step 3: Redefine the get_my_claim function to be more robust and return TEXT.
--- This avoids JSON casting errors and type mismatches in policies.
-CREATE OR REPLACE FUNCTION get_my_claim(claim TEXT)
-RETURNS TEXT AS $$
-DECLARE
-    claims jsonb;
-    claim_value text;
-BEGIN
-    -- Safely get claims, defaulting to NULL if not present or invalid JSON
-    BEGIN
-        claims := current_setting('request.jwt.claims', true)::jsonb;
-    EXCEPTION
-        WHEN invalid_text_representation THEN
-            claims := NULL;
-    END;
-    -- If claims are NULL, return NULL
-    IF claims IS NULL THEN
-        RETURN NULL;
-    END IF;
-    -- Safely extract the claim value as text, removing quotes
-    claim_value := claims ->> claim;
-    RETURN claim_value;
-END;
-$$ LANGUAGE plpgsql VOLATILE;
--- Create the new, correct policies using the updated function
-CREATE POLICY "Allow logo insert for authenticated users"
-ON public.logos
-FOR INSERT
-WITH CHECK (auth.role() = 'authenticated');
-CREATE POLICY "Allow logo update for authenticated users"
-ON public.logos
-FOR UPDATE
-USING (auth.role() = 'authenticated')
-WITH CHECK (auth.role() = 'authenticated');
-CREATE POLICY "Allow logo delete for authenticated users"
-ON public.logos
-FOR DELETE
-USING (auth.role() = 'authenticated');

package/supabase/migrations/20250619110700_fix_logo_rls_again.sql DELETED Viewed

@@ -1,59 +0,0 @@
--- Step 1: Drop all dependent policies first.
-DROP POLICY IF EXISTS "Allow admins to manage logos" ON public.logos;
-DROP POLICY IF EXISTS "Allow users to insert logos" ON public.logos;
-DROP POLICY IF EXISTS "Allow logo insert for writers and admins" ON public.logos;
-DROP POLICY IF EXISTS "Allow logo update for admins" ON public.logos;
-DROP POLICY IF EXISTS "Allow logo delete for admins" ON public.logos;
-DROP POLICY IF EXISTS "Allow logo insert for authenticated users" ON public.logos;
-DROP POLICY IF EXISTS "Allow logo update for authenticated users" ON public.logos;
-DROP POLICY IF EXISTS "Allow logo delete for authenticated users" ON public.logos;
--- Step 2: Drop the old function to avoid return type conflicts.
--- Note: It's critical to drop policies before the function they depend on.
-DROP FUNCTION IF EXISTS get_my_claim(text) CASCADE;
--- Step 3: Redefine the get_my_claim function to be more robust and return TEXT.
--- This avoids JSON casting errors and type mismatches in policies.
-CREATE OR REPLACE FUNCTION get_my_claim(claim TEXT)
-RETURNS TEXT AS $$
-DECLARE
-    claims jsonb;
-    claim_value text;
-BEGIN
-    -- Safely get claims, defaulting to NULL if not present or invalid JSON
-    BEGIN
-        claims := current_setting('request.jwt.claims', true)::jsonb;
-    EXCEPTION
-        WHEN invalid_text_representation THEN
-            claims := NULL;
-    END;
-    -- If claims are NULL, return NULL
-    IF claims IS NULL THEN
-        RETURN NULL;
-    END IF;
-    -- Safely extract the claim value as text, removing quotes
-    claim_value := claims ->> claim;
-    RETURN claim_value;
-END;
-$$ LANGUAGE plpgsql VOLATILE;
--- Create the new, correct policies using the updated function
-CREATE POLICY "Allow logo insert for authenticated users"
-ON public.logos
-FOR INSERT
-WITH CHECK (auth.role() = 'authenticated');
-CREATE POLICY "Allow logo update for authenticated users"
-ON public.logos
-FOR UPDATE
-USING (auth.role() = 'authenticated')
-WITH CHECK (auth.role() = 'authenticated');
-CREATE POLICY "Allow logo delete for authenticated users"
-ON public.logos
-FOR DELETE
-USING (auth.role() = 'authenticated');

package/supabase/migrations/20250619113200_add_file_path_to_media.sql DELETED Viewed

@@ -1,4 +0,0 @@
-ALTER TABLE public.media
-ADD COLUMN file_path TEXT;
-COMMENT ON COLUMN public.media.file_path IS 'The full path to the file in the storage bucket.';

package/supabase/migrations/20250619124100_fix_rls_performance_warnings.sql DELETED Viewed

@@ -1,74 +0,0 @@
-BEGIN;
--- Drop existing policies for 'public.logos'
-DROP POLICY IF EXISTS "Allow logo insert for authenticated users" ON public.logos;
-DROP POLICY IF EXISTS "Allow logo update for authenticated users" ON public.logos;
-DROP POLICY IF EXISTS "Allow logo delete for authenticated users" ON public.logos;
--- Recreate policies for 'public.logos' with optimized auth calls
-CREATE POLICY "Allow logo insert for authenticated users"
-ON public.logos
-FOR INSERT
-WITH CHECK ((SELECT auth.role()) = 'authenticated');
-CREATE POLICY "Allow logo update for authenticated users"
-ON public.logos
-FOR UPDATE
-USING ((SELECT auth.role()) = 'authenticated')
-WITH CHECK ((SELECT auth.role()) = 'authenticated');
-CREATE POLICY "Allow logo delete for authenticated users"
-ON public.logos
-FOR DELETE
-USING ((SELECT auth.role()) = 'authenticated');
--- Drop existing policies for 'public.blocks'
-DROP POLICY IF EXISTS "blocks_authenticated_comprehensive_select" ON public.blocks;
-DROP POLICY IF EXISTS "blocks_admin_writer_can_insert" ON public.blocks;
-DROP POLICY IF EXISTS "blocks_admin_writer_can_update" ON public.blocks;
-DROP POLICY IF EXISTS "blocks_admin_writer_can_delete" ON public.blocks;
-DROP POLICY IF EXISTS "blocks_anon_can_read_published_blocks" ON public.blocks;
-DROP POLICY IF EXISTS "blocks_are_readable_if_parent_is_published" ON public.blocks;
--- Create a new comprehensive SELECT policy for 'public.blocks'
-CREATE POLICY "Allow read access to blocks" ON public.blocks
-FOR SELECT USING (
-  (
-    -- Anonymous users can read blocks of published content
-    (SELECT auth.role()) = 'anon' AND
-    (
-      (page_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.pages p WHERE p.id = blocks.page_id AND p.status = 'published')) OR
-      (post_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.posts pt WHERE pt.id = blocks.post_id AND pt.status = 'published' AND (pt.published_at IS NULL OR pt.published_at <= now())))
-    )
-  ) OR (
-    -- Authenticated users have role-based access
-    (SELECT auth.role()) = 'authenticated' AND
-    (
-      (
-        -- ADMIN or WRITER can read all blocks
-        EXISTS (SELECT 1 FROM public.profiles WHERE id = (SELECT auth.uid()) AND role IN ('ADMIN', 'WRITER'))
-      ) OR
-      (
-        -- USER can read blocks of published parents
-        EXISTS (SELECT 1 FROM public.profiles WHERE id = (SELECT auth.uid()) AND role = 'USER') AND
-        (
-          (page_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.pages p WHERE p.id = blocks.page_id AND p.status = 'published')) OR
-          (post_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.posts pt WHERE pt.id = blocks.post_id AND pt.status = 'published' AND (pt.published_at IS NULL OR pt.published_at <= now())))
-        )
-      )
-    )
-  )
-);
--- Re-create the management policies for 'public.blocks' with optimized auth calls
-CREATE POLICY "Allow insert for admins and writers on blocks" ON public.blocks
-FOR INSERT WITH CHECK (EXISTS (SELECT 1 FROM public.profiles WHERE id = (SELECT auth.uid()) AND role IN ('ADMIN', 'WRITER')));
-CREATE POLICY "Allow update for admins and writers on blocks" ON public.blocks
-FOR UPDATE USING (EXISTS (SELECT 1 FROM public.profiles WHERE id = (SELECT auth.uid()) AND role IN ('ADMIN', 'WRITER')))
-WITH CHECK (EXISTS (SELECT 1 FROM public.profiles WHERE id = (SELECT auth.uid()) AND role IN ('ADMIN', 'WRITER')));
-CREATE POLICY "Allow delete for admins and writers on blocks" ON public.blocks
-FOR DELETE USING (EXISTS (SELECT 1 FROM public.profiles WHERE id = (SELECT auth.uid()) AND role IN ('ADMIN', 'WRITER')));
-COMMIT;

package/supabase/migrations/20250619195500_create_site_settings_table.sql DELETED Viewed

@@ -1,28 +0,0 @@
--- supabase/migrations/20250619195500_create_site_settings_table.sql
-CREATE TABLE public.site_settings (
-    key TEXT PRIMARY KEY,
-    value JSONB
-);
--- Enable RLS
-ALTER TABLE public.site_settings ENABLE ROW LEVEL SECURITY;
--- Allow admins to do everything
-CREATE POLICY "Allow admins full access on site_settings"
-ON public.site_settings
-FOR ALL
-TO authenticated
-USING (get_my_claim('user_role') = '"admin"');
--- Allow authenticated users to read settings
-CREATE POLICY "Allow authenticated users to read site_settings"
-ON public.site_settings
-FOR SELECT
-TO authenticated
-USING (true);
--- Seed initial copyright setting
-INSERT INTO public.site_settings (key, value)
-VALUES ('footer_copyright', '{"en": "© {year} Nextblock CMS. All rights reserved.", "fr": "© {year} Nextblock CMS. Tous droits réservés."}')
-ON CONFLICT (key) DO NOTHING;

package/supabase/migrations/20250619201500_add_anon_read_to_site_settings.sql DELETED Viewed

@@ -1,7 +0,0 @@
--- supabase/migrations/20250619201500_add_anon_read_to_site_settings.sql
-CREATE POLICY "Allow public read access to site_settings"
-ON public.site_settings
-FOR SELECT
-TO anon
-USING (true);

package/supabase/migrations/20250619202000_add_is_active_to_languages.sql DELETED Viewed

@@ -1,5 +0,0 @@
--- Add is_active column to languages table
-ALTER TABLE public.languages
-ADD COLUMN is_active BOOLEAN NOT NULL DEFAULT true;
-COMMENT ON COLUMN public.languages.is_active IS 'Indicates if the language is currently active and available for use.';

package/supabase/migrations/20250620085700_fix_site_settings_write_rls.sql DELETED Viewed

@@ -1,27 +0,0 @@
--- Drop existing policies if they exist to avoid conflicts.
-DROP POLICY IF EXISTS "Allow ADMIN and WRITER to insert into site_settings" ON public.site_settings;
-DROP POLICY IF EXISTS "Allow ADMIN and WRITER to update site_settings" ON public.site_settings;
-DROP POLICY IF EXISTS "Allow ADMIN and WRITER to modify site_settings" ON public.site_settings;
--- This policy grants permission to insert into the site_settings table
--- to any authenticated user whose role in the profiles table is 'ADMIN' or 'WRITER'.
-CREATE POLICY "Allow ADMIN and WRITER to insert into site_settings"
-ON public.site_settings
-FOR INSERT
-TO authenticated
-WITH CHECK (
-  (SELECT role FROM public.profiles WHERE id = auth.uid()) IN ('ADMIN', 'WRITER')
-);
--- This policy grants permission to update the site_settings table
--- to any authenticated user whose role in the profiles table is 'ADMIN' or 'WRITER'.
-CREATE POLICY "Allow ADMIN and WRITER to update site_settings"
-ON public.site_settings
-FOR UPDATE
-TO authenticated
-USING (
-  (SELECT role FROM public.profiles WHERE id = auth.uid()) IN ('ADMIN', 'WRITER')
-)
-WITH CHECK (
-  (SELECT role FROM public.profiles WHERE id = auth.uid()) IN ('ADMIN', 'WRITER')
-);

package/supabase/migrations/20250620095500_fix_profiles_read_rls.sql DELETED Viewed

@@ -1,11 +0,0 @@
--- Drop the policy if it exists to ensure a clean state.
-DROP POLICY IF EXISTS "Allow user to read their own profile" ON public.profiles;
--- This policy allows an authenticated user to read their own row from the profiles table.
--- This is necessary for other RLS policies (like the one on site_settings) to be able
--- to look up the user's role during policy evaluation.
-CREATE POLICY "Allow user to read their own profile"
-ON public.profiles
-FOR SELECT
-TO authenticated
-USING (auth.uid() = id);

package/supabase/migrations/20250620100000_use_security_definer_for_rls.sql DELETED Viewed

@@ -1,39 +0,0 @@
--- Drop all previous policies on site_settings to ensure a clean slate.
-DROP POLICY IF EXISTS "Allow ADMIN and WRITER to insert into site_settings" ON public.site_settings;
-DROP POLICY IF EXISTS "Allow ADMIN and WRITER to update site_settings" ON public.site_settings;
-DROP POLICY IF EXISTS "Allow ADMIN and WRITER to modify site_settings" ON public.site_settings;
--- Create a trusted, elevated-privilege function to get the current user's role.
--- SECURITY DEFINER makes it run with the permissions of the function owner, bypassing nested RLS.
-CREATE OR REPLACE FUNCTION get_my_role()
-RETURNS TEXT AS $$
-DECLARE
-  user_role TEXT;
-BEGIN
-  SELECT role INTO user_role FROM public.profiles WHERE id = auth.uid();
-  RETURN user_role;
-END;
-$$ LANGUAGE plpgsql SECURITY DEFINER;
--- This policy grants permission to insert into the site_settings table
--- by using the trusted function to check the user's role.
-CREATE POLICY "Allow insert based on user role"
-ON public.site_settings
-FOR INSERT
-TO authenticated
-WITH CHECK (
-  get_my_role() IN ('ADMIN', 'WRITER')
-);
--- This policy grants permission to update the site_settings table
--- by using the trusted function to check the user's role.
-CREATE POLICY "Allow update based on user role"
-ON public.site_settings
-FOR UPDATE
-TO authenticated
-USING (
-  get_my_role() IN ('ADMIN', 'WRITER')
-)
-WITH CHECK (
-  get_my_role() IN ('ADMIN', 'WRITER')
-);

package/supabase/migrations/20250620130000_add_public_read_to_logos.sql DELETED Viewed

@@ -1,4 +0,0 @@
-CREATE POLICY "Allow public read access to logos"
-ON public.logos
-FOR SELECT
-USING (true);