npm - @nextblock-cms/db - Versions diffs - 0.2.8 → 0.2.10 - Mend

@nextblock-cms/db 0.2.8 → 0.2.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (86) hide show

package/supabase/migrations/20250526183746_fix_media_select_rls_v12.sql DELETED Viewed

@@ -1,39 +0,0 @@
--- supabase/migrations/YYYYMMDDHHMMSS_fix_media_select_rls_v12.sql
-BEGIN;
--- == MEDIA ==
--- Drop the existing specific SELECT policy for the 'USER' role,
--- as we will replace it with a broader one for all authenticated users.
-DROP POLICY IF EXISTS "media_user_role_can_read" ON public.media;
--- Drop any older variations that might exist from previous attempts if their names were different
-DROP POLICY IF EXISTS "media_user_can_read" ON public.media;
-DROP POLICY IF EXISTS "media_readable_by_anon_and_non_privileged_users" ON public.media;
--- Policy for anonymous users to read media (ensure this is in place and correct)
--- This policy allows anyone to read any media record if no other policy restricts them.
--- This is generally desired if your R2 bucket URLs are guessable or if images are meant to be public.
-DROP POLICY IF EXISTS "media_anon_can_read" ON public.media; -- From _v6/_v7 logic
-DROP POLICY IF EXISTS "media_is_publicly_readable_by_all" ON public.media; -- From _v8 logic
-DROP POLICY IF EXISTS "media_is_readable_by_all" ON public.media; -- Older name
-DROP POLICY IF EXISTS "media_are_publicly_readable" ON public.media; -- Older name
-CREATE POLICY "media_public_can_read" ON public.media
-  FOR SELECT
-  USING (true); -- Allows both 'anon' and 'authenticated' roles to read by default
-COMMENT ON POLICY "media_public_can_read" ON public.media IS 'All users (anonymous and authenticated) can read media records. This is the general read access.';
--- The admin/writer management policies for INSERT, UPDATE, DELETE remain as they are (write-only).
--- e.g., "media_admin_writer_can_insert", "media_admin_writer_can_update", "media_admin_writer_can_delete"
--- These do NOT provide SELECT access.
--- With the "media_public_can_read" policy USING (true), all authenticated users (USER, WRITER, ADMIN)
--- will have SELECT access. This should resolve the error when fetching feature_image_id details
--- and allow images to be displayed.
--- This will also mean the linter should not complain about "multiple permissive policies for authenticated SELECT"
--- because the management policies are write-only, and there's now one clear "public read" policy for SELECT.
-COMMIT;

package/supabase/migrations/20250526184205_consolidate_content_read_rls_v13.sql DELETED Viewed

@@ -1,61 +0,0 @@
--- supabase/migrations/YYYYMMDDHHMMSS_consolidate_content_read_rls_v13.sql
-BEGIN;
--- == POSTS ==
--- Drop the existing separate SELECT policies for authenticated users on posts
-DROP POLICY IF EXISTS "posts_authenticated_can_read_published" ON public.posts;
-DROP POLICY IF EXISTS "posts_authors_can_read_own_drafts" ON public.posts;
--- Drop any older variations that might exist
-DROP POLICY IF EXISTS "posts_user_role_can_read" ON public.posts;
-DROP POLICY IF EXISTS "posts_user_authenticated_access" ON public.posts;
-DROP POLICY IF EXISTS "posts_authenticated_access" ON public.posts;
--- Create a single, comprehensive SELECT policy for authenticated users on posts
-CREATE POLICY "posts_authenticated_comprehensive_read" ON public.posts
-  FOR SELECT
-  TO authenticated
-  USING (
-    -- Condition 1: Any authenticated user can read PUBLISHED posts
-    (status = 'published' AND (published_at IS NULL OR published_at <= now())) OR
-    -- Condition 2: Authenticated authors can read their OWN NON-PUBLISHED posts
-    (author_id = (SELECT auth.uid()) AND status <> 'published') OR
-    -- Condition 3: ADMINs and WRITERs can read ALL posts (any status)
-    (public.get_current_user_role() IN ('ADMIN', 'WRITER'))
-  );
-COMMENT ON POLICY "posts_authenticated_comprehensive_read" ON public.posts IS 'Handles all SELECT scenarios for authenticated users: published for all, own drafts for authors, and all posts for admins/writers.';
--- "posts_anon_can_read_published" (FOR SELECT TO anon) is assumed to be correct and in place.
--- Admin/Writer management policies (FOR INSERT, UPDATE, DELETE) are assumed to be correct and in place.
--- == PAGES ==
--- Drop the existing separate SELECT policies for authenticated users on pages
-DROP POLICY IF EXISTS "pages_authenticated_can_read_published" ON public.pages; -- If created in a previous step
-DROP POLICY IF EXISTS "pages_authors_can_read_own_drafts" ON public.pages; -- If created
-DROP POLICY IF EXISTS "pages_user_role_can_read" ON public.pages;
-DROP POLICY IF EXISTS "pages_user_authenticated_access" ON public.pages;
-DROP POLICY IF EXISTS "pages_authenticated_access" ON public.pages;
--- Create a single, comprehensive SELECT policy for authenticated users on pages
-CREATE POLICY "pages_authenticated_comprehensive_read" ON public.pages
-  FOR SELECT
-  TO authenticated
-  USING (
-    -- Condition 1: Any authenticated user can read PUBLISHED pages
-    (status = 'published') OR
-    -- Condition 2: Authenticated authors can read their OWN NON-PUBLISHED pages
-    (author_id = (SELECT auth.uid()) AND status <> 'published') OR
-    -- Condition 3: ADMINs and WRITERs can read ALL pages (any status)
-    (public.get_current_user_role() IN ('ADMIN', 'WRITER'))
-  );
-COMMENT ON POLICY "pages_authenticated_comprehensive_read" ON public.pages IS 'Handles all SELECT scenarios for authenticated users: published for all, own drafts for authors, and all pages for admins/writers.';
--- "pages_anon_can_read_published" (FOR SELECT TO anon) is assumed to be correct and in place.
--- Admin/Writer management policies (FOR INSERT, UPDATE, DELETE) are assumed to be correct and in place.
-COMMIT;

package/supabase/migrations/20250526185854_optimize_indexes.sql DELETED Viewed

@@ -1,47 +0,0 @@
--- supabase/migrations/YYYYMMDDHHMMSS_optimize_indexes.sql
--- (Replace YYYYMMDDHHMMSS with the actual timestamp of this migration file, e.g., 20250526185854)
-BEGIN;
--- Add indexes for foreign keys in the 'public.blocks' table
-CREATE INDEX IF NOT EXISTS idx_blocks_language_id ON public.blocks(language_id);
-COMMENT ON INDEX public.idx_blocks_language_id IS 'Index for the foreign key blocks_language_id_fkey on public.blocks.';
-CREATE INDEX IF NOT EXISTS idx_blocks_page_id ON public.blocks(page_id);
-COMMENT ON INDEX public.idx_blocks_page_id IS 'Index for the foreign key blocks_page_id_fkey on public.blocks.';
-CREATE INDEX IF NOT EXISTS idx_blocks_post_id ON public.blocks(post_id);
-COMMENT ON INDEX public.idx_blocks_post_id IS 'Index for the foreign key blocks_post_id_fkey on public.blocks.';
--- Add index for foreign key in the 'public.media' table
-CREATE INDEX IF NOT EXISTS idx_media_uploader_id ON public.media(uploader_id);
-COMMENT ON INDEX public.idx_media_uploader_id IS 'Index for the foreign key media_uploader_id_fkey on public.media.';
--- Add indexes for foreign keys in the 'public.navigation_items' table
-CREATE INDEX IF NOT EXISTS idx_navigation_items_language_id ON public.navigation_items(language_id);
-COMMENT ON INDEX public.idx_navigation_items_language_id IS 'Index for the foreign key navigation_items_language_id_fkey on public.navigation_items.';
-CREATE INDEX IF NOT EXISTS idx_navigation_items_page_id ON public.navigation_items(page_id);
-COMMENT ON INDEX public.idx_navigation_items_page_id IS 'Index for the foreign key navigation_items_page_id_fkey on public.navigation_items.';
-CREATE INDEX IF NOT EXISTS idx_navigation_items_parent_id ON public.navigation_items(parent_id);
-COMMENT ON INDEX public.idx_navigation_items_parent_id IS 'Index for the foreign key navigation_items_parent_id_fkey on public.navigation_items.';
--- Add index for foreign key in the 'public.pages' table
-CREATE INDEX IF NOT EXISTS idx_pages_author_id ON public.pages(author_id);
-COMMENT ON INDEX public.idx_pages_author_id IS 'Index for the foreign key pages_author_id_fkey on public.pages.';
--- Add indexes for foreign keys in the 'public.posts' table
-CREATE INDEX IF NOT EXISTS idx_posts_feature_image_id ON public.posts(feature_image_id);
-COMMENT ON INDEX public.idx_posts_feature_image_id IS 'Index for the foreign key fk_feature_image on public.posts.';
-CREATE INDEX IF NOT EXISTS idx_posts_author_id ON public.posts(author_id);
-COMMENT ON INDEX public.idx_posts_author_id IS 'Index for the foreign key posts_author_id_fkey on public.posts.';
--- Remove unused index in 'public.navigation_items' table
--- The linter identified 'idx_navigation_items_translation_group_id' as unused.
--- This index was created in migration 20250520171900_add_translation_group_to_nav_items.sql
-DROP INDEX IF EXISTS public.idx_navigation_items_translation_group_id;
--- The COMMENT ON for the dropped index has been removed to prevent the error.
-COMMIT;

package/supabase/migrations/20250526190900_debug_blocks_rls.sql DELETED Viewed

@@ -1,56 +0,0 @@
--- supabase/migrations/YYYYMMDDHHMMSS_debug_blocks_rls.sql
-BEGIN;
--- Drop the more specific separated write policies for blocks from v8
-DROP POLICY IF EXISTS "blocks_admin_writer_can_insert" ON public.blocks;
-DROP POLICY IF EXISTS "blocks_admin_writer_can_update" ON public.blocks;
-DROP POLICY IF EXISTS "blocks_admin_writer_can_delete" ON public.blocks;
--- Reinstate a broad "FOR ALL" policy for ADMINS and WRITERS on blocks
--- This is similar to what was effectively in place before v8 for admin/writer management.
-CREATE POLICY "blocks_admin_writer_management_reinstated" ON public.blocks
-  FOR ALL -- Covers SELECT, INSERT, UPDATE, DELETE
-  TO authenticated
-  USING (public.get_current_user_role() IN ('ADMIN', 'WRITER'))
-  WITH CHECK (public.get_current_user_role() IN ('ADMIN', 'WRITER'));
-COMMENT ON POLICY "blocks_admin_writer_management_reinstated" ON public.blocks IS 'Reinstated FOR ALL policy for ADMIN/WRITER to manage blocks. This may cause linter warnings for SELECT overlaps if other SELECT policies exist but is for debugging block creation.';
--- Ensure SELECT policies for other roles are still in place and don't conflict in a breaking way.
--- The policies "blocks_anon_can_read_published" and "blocks_user_role_can_read_published_parents" (from v5/v7) handle reads for anon and USERs.
--- "blocks_anon_can_read_published" (FOR SELECT TO anon USING (...))
--- "blocks_user_role_can_read_published_parents" (FOR SELECT TO authenticated USING (public.get_current_user_role() = 'USER' AND ...))
--- Let's re-assert the anon read policy to be sure it's correct, as it was defined early on.
-DROP POLICY IF EXISTS "blocks_are_readable_if_parent_is_published" ON public.blocks; -- Original name from 20250514171553
-DROP POLICY IF EXISTS "blocks_anon_can_read_published" ON public.blocks; -- Renamed in 20250526153321
-CREATE POLICY "blocks_anon_can_read_published_content" ON public.blocks
-  FOR SELECT
-  TO anon
-  USING (
-    (page_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.pages p WHERE p.id = blocks.page_id AND p.status = 'published')) OR
-    (post_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.posts pt WHERE pt.id = blocks.post_id AND pt.status = 'published' AND (pt.published_at IS NULL OR pt.published_at <= now())))
-  );
-COMMENT ON POLICY "blocks_anon_can_read_published_content" ON public.blocks IS 'Anonymous users can read blocks of published parent pages/posts.';
--- Re-assert the USER role SELECT policy, ensuring it only applies to USER.
-DROP POLICY IF EXISTS "blocks_authenticated_user_access" ON public.blocks; -- From v4
-DROP POLICY IF EXISTS "blocks_user_role_can_read_published_parents" ON public.blocks; -- From v5/v7
-CREATE POLICY "blocks_auth_users_can_read_published_parents" ON public.blocks
-  FOR SELECT
-  TO authenticated
-  USING (
-    (public.get_current_user_role() = 'USER') AND -- Crucially, only applies to 'USER' role
-    (
-      (page_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.pages p WHERE p.id = blocks.page_id AND p.status = 'published')) OR
-      (post_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.posts pt WHERE pt.id = blocks.post_id AND pt.status = 'published' AND (pt.published_at IS NULL OR pt.published_at <= now())))
-    )
-  );
-COMMENT ON POLICY "blocks_auth_users_can_read_published_parents" ON public.blocks IS 'Authenticated USERS can read blocks of published parents. Admin/Writer SELECT is handled by their management policy.';
-COMMIT;

package/supabase/migrations/20250526191217_consolidate_blocks_select_rls.sql DELETED Viewed

@@ -1,79 +0,0 @@
--- supabase/migrations/YYYYMMDDHHMMSS_consolidate_blocks_select_rls.sql
--- (Replace YYYYMMDDHHMMSS with the actual timestamp of this migration file)
-BEGIN;
--- Drop existing policies for 'public.blocks' that will be replaced or refined.
--- This includes the broad "FOR ALL" policy and the specific "USER" SELECT policy
--- created in the previous debug migration.
-DROP POLICY IF EXISTS "blocks_admin_writer_management_reinstated" ON public.blocks;
-DROP POLICY IF EXISTS "blocks_auth_users_can_read_published_parents" ON public.blocks;
--- The "blocks_anon_can_read_published_content" policy can remain as it targets 'anon'
--- and does not conflict with 'authenticated' role policies for the linter's warning.
--- However, if you wish to have a completely clean slate before adding the consolidated one,
--- you can drop and re-add it. For this exercise, we'll assume it's fine and already specific.
--- If it was named "blocks_anon_can_read_published" from 20250526153321_optimize_rls_policies.sql:
--- DROP POLICY IF EXISTS "blocks_anon_can_read_published" ON public.blocks;
--- Or if it was "blocks_are_readable_if_parent_is_published" from 20250514171553_create_blocks_table.sql:
--- DROP POLICY IF EXISTS "blocks_are_readable_if_parent_is_published" ON public.blocks;
--- Re-creating the anon policy for clarity and to ensure it's exactly as needed:
-DROP POLICY IF EXISTS "blocks_anon_can_read_published_content" ON public.blocks; -- From debug migration
-DROP POLICY IF EXISTS "blocks_anon_can_read_published" ON public.blocks; -- From optimize_rls_policies
-DROP POLICY IF EXISTS "blocks_are_readable_if_parent_is_published" ON public.blocks; -- From initial table creation
-CREATE POLICY "blocks_anon_can_read_published_blocks" ON public.blocks
-  FOR SELECT
-  TO anon
-  USING (
-    (page_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.pages p WHERE p.id = blocks.page_id AND p.status = 'published')) OR
-    (post_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.posts pt WHERE pt.id = blocks.post_id AND pt.status = 'published' AND (pt.published_at IS NULL OR pt.published_at <= now())))
-  );
-COMMENT ON POLICY "blocks_anon_can_read_published_blocks" ON public.blocks IS 'Anonymous users can read blocks of published parent content.';
--- Create a single, comprehensive SELECT policy for ALL authenticated users on blocks
-CREATE POLICY "blocks_authenticated_comprehensive_select" ON public.blocks
-  FOR SELECT
-  TO authenticated
-  USING (
-    (
-      -- Condition for ADMIN or WRITER: they can read ALL blocks
-      (SELECT public.get_current_user_role()) IN ('ADMIN', 'WRITER')
-    ) OR
-    (
-      -- Condition for USER: they can read blocks of published parents
-      ((SELECT public.get_current_user_role()) = 'USER') AND
-      (
-        (page_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.pages p WHERE p.id = blocks.page_id AND p.status = 'published')) OR
-        (post_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.posts pt WHERE pt.id = blocks.post_id AND pt.status = 'published' AND (pt.published_at IS NULL OR pt.published_at <= now())))
-      )
-    )
-  );
-COMMENT ON POLICY "blocks_authenticated_comprehensive_select" ON public.blocks IS 'Comprehensive SELECT policy for authenticated users on the blocks table, differentiating access by role (ADMIN/WRITER see all, USER sees blocks of published parents).';
--- Re-add the specific management policies for INSERT, UPDATE, DELETE for ADMIN/WRITER.
--- These only have WITH CHECK (for INSERT/UPDATE) or USING (for DELETE/UPDATE) based on role.
--- These were the ones created in 20250526174710_separate_write_policies_v8.sql and are fine.
-CREATE POLICY "blocks_admin_writer_can_insert" ON public.blocks
-  FOR INSERT
-  TO authenticated
-  WITH CHECK ((SELECT public.get_current_user_role()) IN ('ADMIN', 'WRITER'));
-COMMENT ON POLICY "blocks_admin_writer_can_insert" ON public.blocks IS 'Admins/Writers can insert blocks.';
-CREATE POLICY "blocks_admin_writer_can_update" ON public.blocks
-  FOR UPDATE
-  TO authenticated
-  USING ((SELECT public.get_current_user_role()) IN ('ADMIN', 'WRITER')) -- Who can be targeted by an update
-  WITH CHECK ((SELECT public.get_current_user_role()) IN ('ADMIN', 'WRITER')); -- What rows can be created/modified by them
-COMMENT ON POLICY "blocks_admin_writer_can_update" ON public.blocks IS 'Admins/Writers can update blocks.';
-CREATE POLICY "blocks_admin_writer_can_delete" ON public.blocks
-  FOR DELETE
-  TO authenticated
-  USING ((SELECT public.get_current_user_role()) IN ('ADMIN', 'WRITER'));
-COMMENT ON POLICY "blocks_admin_writer_can_delete" ON public.blocks IS 'Admins/Writers can delete blocks.';
-COMMIT;

package/supabase/migrations/20250526192822_fix_handle_languages_update_search_path.sql DELETED Viewed

@@ -1,32 +0,0 @@
--- supabase/migrations/YYYYMMDDHHMMSS_fix_handle_languages_update_search_path.sql
--- (Replace YYYYMMDDHHMMSS with the actual timestamp of this migration file)
-BEGIN;
--- Step 1: Drop the existing trigger that depends on the function.
-DROP TRIGGER IF EXISTS on_languages_update ON public.languages;
--- Step 2: Now it's safe to drop and recreate the function.
-DROP FUNCTION IF EXISTS public.handle_languages_update();
-CREATE OR REPLACE FUNCTION public.handle_languages_update()
-RETURNS TRIGGER
-LANGUAGE plpgsql
-SECURITY DEFINER -- Explicitly set security context
-SET search_path = public -- Explicitly set search_path
-AS $$
-BEGIN
-  NEW.updated_at = now();
-  RETURN NEW;
-END;
-$$;
-COMMENT ON FUNCTION public.handle_languages_update() IS 'Sets updated_at timestamp on language update. Includes explicit search_path and security definer.';
--- Step 3: Re-create the trigger to use the updated function.
-CREATE TRIGGER on_languages_update
-  BEFORE UPDATE ON public.languages
-  FOR EACH ROW
-  EXECUTE PROCEDURE public.handle_languages_update();
-COMMIT;

package/supabase/migrations/20250527150500_fix_blocks_rls_policy.sql DELETED Viewed

@@ -1,54 +0,0 @@
--- Fix blocks RLS policy to resolve joined query issues
--- Replace public.get_current_user_role() with direct EXISTS queries
-BEGIN;
--- Drop the existing comprehensive SELECT policy that uses the problematic function
-DROP POLICY IF EXISTS "blocks_authenticated_comprehensive_select" ON public.blocks;
--- Drop the existing management policies that use the problematic function
-DROP POLICY IF EXISTS "blocks_admin_writer_can_insert" ON public.blocks;
-DROP POLICY IF EXISTS "blocks_admin_writer_can_update" ON public.blocks;
-DROP POLICY IF EXISTS "blocks_admin_writer_can_delete" ON public.blocks;
--- Create a new comprehensive SELECT policy using direct EXISTS queries
-CREATE POLICY "blocks_authenticated_comprehensive_select" ON public.blocks
-  FOR SELECT
-  TO authenticated
-  USING (
-    (
-      -- Condition for ADMIN or WRITER: they can read ALL blocks
-      EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role IN ('ADMIN', 'WRITER'))
-    ) OR
-    (
-      -- Condition for USER: they can read blocks of published parents
-      EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role = 'USER') AND
-      (
-        (page_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.pages p WHERE p.id = blocks.page_id AND p.status = 'published')) OR
-        (post_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.posts pt WHERE pt.id = blocks.post_id AND pt.status = 'published' AND (pt.published_at IS NULL OR pt.published_at <= now())))
-      )
-    )
-  );
-COMMENT ON POLICY "blocks_authenticated_comprehensive_select" ON public.blocks IS 'Comprehensive SELECT policy for authenticated users on the blocks table, differentiating access by role (ADMIN/WRITER see all, USER sees blocks of published parents). Uses direct EXISTS queries to avoid function call issues in joined queries.';
--- Re-create the management policies using direct EXISTS queries
-CREATE POLICY "blocks_admin_writer_can_insert" ON public.blocks
-  FOR INSERT
-  TO authenticated
-  WITH CHECK (EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role IN ('ADMIN', 'WRITER')));
-COMMENT ON POLICY "blocks_admin_writer_can_insert" ON public.blocks IS 'Admins/Writers can insert blocks.';
-CREATE POLICY "blocks_admin_writer_can_update" ON public.blocks
-  FOR UPDATE
-  TO authenticated
-  USING (EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role IN ('ADMIN', 'WRITER'))) -- Who can be targeted by an update
-  WITH CHECK (EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role IN ('ADMIN', 'WRITER'))); -- What rows can be created/modified by them
-COMMENT ON POLICY "blocks_admin_writer_can_update" ON public.blocks IS 'Admins/Writers can update blocks.';
-CREATE POLICY "blocks_admin_writer_can_delete" ON public.blocks
-  FOR DELETE
-  TO authenticated
-  USING (EXISTS (SELECT 1 FROM public.profiles WHERE id = auth.uid() AND role IN ('ADMIN', 'WRITER')));
-COMMENT ON POLICY "blocks_admin_writer_can_delete" ON public.blocks IS 'Admins/Writers can delete blocks.';
-COMMIT;

package/supabase/migrations/20250602150602_add_blur_data_url_to_media.sql DELETED Viewed

@@ -1,4 +0,0 @@
-ALTER TABLE public.media
-ADD COLUMN blur_data_url TEXT NULL;
-COMMENT ON COLUMN public.media.blur_data_url IS 'Stores the base64 encoded string for image blur placeholders.';

package/supabase/migrations/20250602150959_add_variants_to_media.sql DELETED Viewed

@@ -1,4 +0,0 @@
-ALTER TABLE public.media
-ADD COLUMN variants JSONB NULL;
-COMMENT ON COLUMN public.media.variants IS 'Stores an array of image variant objects, including different sizes and formats.';

package/supabase/migrations/20250618124000_create_get_my_claim_function.sql DELETED Viewed

@@ -1,5 +0,0 @@
-CREATE OR REPLACE FUNCTION get_my_claim(claim TEXT)
-RETURNS JSONB AS $$
-  SET search_path = '';
-  SELECT COALESCE(current_setting('request.jwt.claims', true)::JSONB ->> claim, NULL)::JSONB
-$$ LANGUAGE SQL STABLE;

package/supabase/migrations/20250618124100_create_logos_table.sql DELETED Viewed

@@ -1,29 +0,0 @@
-CREATE TABLE public.logos (
-    id uuid NOT NULL DEFAULT gen_random_uuid(),
-    created_at timestamp with time zone NOT NULL DEFAULT now(),
-    name text NOT NULL,
-    media_id uuid,
-    CONSTRAINT logos_pkey PRIMARY KEY (id),
-    CONSTRAINT logos_media_id_fkey FOREIGN KEY (media_id) REFERENCES public.media(id) ON DELETE SET NULL
-);
-COMMENT ON TABLE public.logos IS 'Stores company and brand logos.';
-COMMENT ON COLUMN public.logos.name IS 'The name of the brand or company for the logo.';
-COMMENT ON COLUMN public.logos.media_id IS 'Foreign key to the media table for the logo image.';
-GRANT SELECT, INSERT, UPDATE, DELETE ON TABLE public.logos TO authenticated;
-ALTER TABLE public.logos ENABLE ROW LEVEL SECURITY;
-CREATE POLICY "Allow read access for authenticated users on logos"
-ON public.logos
-FOR SELECT
-TO authenticated
-USING (true);
-CREATE POLICY "Allow admin users to manage logos"
-ON public.logos
-FOR ALL
-TO authenticated
-USING (((SELECT get_my_claim('user_role'::text)) = '"admin"'::jsonb))
-WITH CHECK (((SELECT get_my_claim('user_role'::text)) = '"admin"'::jsonb));

package/supabase/migrations/20250618130000_fix_linter_warnings.sql DELETED Viewed

@@ -1,58 +0,0 @@
--- Fix multiple permissive policies on logos table
-DROP POLICY IF EXISTS "Allow admin users to manage logos" ON public.logos;
-DROP POLICY IF EXISTS "Allow read access for authenticated users on logos" ON public.logos;
-CREATE POLICY "Allow read access for authenticated users on logos"
-ON public.logos
-FOR SELECT
-TO authenticated
-USING (true);
-CREATE POLICY "Allow admin users to insert logos"
-ON public.logos
-FOR INSERT TO authenticated
-WITH CHECK ((get_my_claim('user_role'::text) = '"admin"'::jsonb));
-CREATE POLICY "Allow admin users to update logos"
-ON public.logos
-FOR UPDATE TO authenticated
-USING ((get_my_claim('user_role'::text) = '"admin"'::jsonb))
-WITH CHECK ((get_my_claim('user_role'::text) = '"admin"'::jsonb));
-CREATE POLICY "Allow admin users to delete logos"
-ON public.logos
-FOR DELETE TO authenticated
-USING ((get_my_claim('user_role'::text) = '"admin"'::jsonb));
--- Fix mutable search path for get_my_claim
-CREATE OR REPLACE FUNCTION get_my_claim(claim TEXT)
-RETURNS JSONB AS $$
-  SET search_path = '';
-  SELECT COALESCE(current_setting('request.jwt.claims', true)::JSONB ->> claim, NULL)::JSONB
-$$ LANGUAGE SQL STABLE;
--- Optimize RLS policies on blocks table
-DROP POLICY IF EXISTS "blocks_are_readable_if_parent_is_published" ON public.blocks;
-DROP POLICY IF EXISTS "admins_and_writers_can_manage_blocks" ON public.blocks;
-CREATE POLICY "blocks_are_readable_if_parent_is_published"
-ON public.blocks FOR SELECT
-TO anon, authenticated
-USING (
-  (page_id IS NOT NULL AND EXISTS (
-    SELECT 1
-    FROM public.pages p
-    WHERE p.id = blocks.page_id AND p.status = 'published'
-  )) OR
-  (post_id IS NOT NULL AND EXISTS (
-    SELECT 1
-    FROM public.posts pt
-    WHERE pt.id = blocks.post_id AND pt.status = 'published' AND (pt.published_at IS NULL OR pt.published_at <= now())
-  ))
-);
-CREATE POLICY "admins_and_writers_can_manage_blocks"
-ON public.blocks FOR ALL
-TO authenticated
-USING ((SELECT get_my_claim('user_role'::text)) IN ('"admin"', '"writer"'))
-WITH CHECK ((SELECT get_my_claim('user_role'::text)) IN ('"admin"', '"writer"'));

package/supabase/migrations/20250618151500_revert_storage_rls.sql DELETED Viewed

@@ -1,6 +0,0 @@
--- Reverts the RLS policies on storage.objects that caused the upload failure.
-DROP POLICY IF EXISTS "allow_authenticated_uploads" ON storage.objects;
-DROP POLICY IF EXISTS "allow_authenticated_select" ON storage.objects;
-DROP POLICY IF EXISTS "allow_authenticated_updates" ON storage.objects;
-DROP POLICY IF EXISTS "allow_authenticated_deletes" ON storage.objects;

package/supabase/migrations/20250619084800_reinstate_storage_rls.sql DELETED Viewed

@@ -1,13 +0,0 @@
--- Re-enables RLS policies for storage.objects to allow authenticated uploads.
--- Adds a policy allowing authenticated users to upload files
-CREATE POLICY "allow_authenticated_uploads" ON storage.objects FOR INSERT TO authenticated WITH CHECK (bucket_id = 'public' AND owner = auth.uid());
--- Allow authenticated users to SELECT files
-CREATE POLICY "allow_authenticated_select" ON storage.objects FOR SELECT TO authenticated USING (bucket_id = 'public');
--- Allow authenticated users to UPDATE their own files
-CREATE POLICY "allow_authenticated_updates" ON storage.objects FOR UPDATE TO authenticated USING (bucket_id = 'public' AND owner = auth.uid());
--- Allow authenticated users to DELETE their own files
-CREATE POLICY "allow_authenticated_deletes" ON storage.objects FOR DELETE TO authenticated USING (bucket_id = 'public' AND owner = auth.uid());

package/supabase/migrations/20250619092430_widen_logo_insert_policy.sql DELETED Viewed

@@ -1,6 +0,0 @@
-DROP POLICY IF EXISTS "Allow admins to manage logos" ON public.logos;
-CREATE POLICY "Allow admin and writer users to insert logos"
-ON public.logos
-FOR INSERT TO authenticated
-WITH CHECK ((get_my_claim('user_role'::text) IN ('"admin"'::jsonb, '"writer"'::jsonb)));

package/supabase/migrations/20250619093122_fix_get_my_claim_volatility.sql DELETED Viewed

@@ -1,5 +0,0 @@
-CREATE OR REPLACE FUNCTION get_my_claim(claim TEXT)
-RETURNS JSONB AS $$
-  SET search_path = '';
-  SELECT COALESCE(current_setting('request.jwt.claims', true)::JSONB ->> claim, NULL)::JSONB
-$$ LANGUAGE SQL VOLATILE;

package/supabase/migrations/20250619104249_consolidated_logo_rls_fix.sql DELETED Viewed

@@ -1,56 +0,0 @@
--- Step 1: Drop all dependent policies first.
-DROP POLICY IF EXISTS "Allow admins to manage logos" ON public.logos;
-DROP POLICY IF EXISTS "Allow users to insert logos" ON public.logos;
-DROP POLICY IF EXISTS "Allow logo insert for writers and admins" ON public.logos;
-DROP POLICY IF EXISTS "Allow logo update for admins" ON public.logos;
-DROP POLICY IF EXISTS "Allow logo delete for admins" ON public.logos;
--- Step 2: Drop the old function to avoid return type conflicts.
--- Note: It's critical to drop policies before the function they depend on.
-DROP FUNCTION IF EXISTS get_my_claim(text) CASCADE;
--- Step 3: Redefine the get_my_claim function to be more robust and return TEXT.
--- This avoids JSON casting errors and type mismatches in policies.
-CREATE OR REPLACE FUNCTION get_my_claim(claim TEXT)
-RETURNS TEXT AS $$
-DECLARE
-    claims jsonb;
-    claim_value text;
-BEGIN
-    -- Safely get claims, defaulting to NULL if not present or invalid JSON
-    BEGIN
-        claims := current_setting('request.jwt.claims', true)::jsonb;
-    EXCEPTION
-        WHEN invalid_text_representation THEN
-            claims := NULL;
-    END;
-    -- If claims are NULL, return NULL
-    IF claims IS NULL THEN
-        RETURN NULL;
-    END IF;
-    -- Safely extract the claim value as text, removing quotes
-    claim_value := claims ->> claim;
-    RETURN claim_value;
-END;
-$$ LANGUAGE plpgsql VOLATILE;
--- Create the new, correct policies using the updated function
-CREATE POLICY "Allow logo insert for authenticated users"
-ON public.logos
-FOR INSERT
-WITH CHECK (auth.role() = 'authenticated');
-CREATE POLICY "Allow logo update for authenticated users"
-ON public.logos
-FOR UPDATE
-USING (auth.role() = 'authenticated')
-WITH CHECK (auth.role() = 'authenticated');
-CREATE POLICY "Allow logo delete for authenticated users"
-ON public.logos
-FOR DELETE
-USING (auth.role() = 'authenticated');

package/supabase/migrations/20250619110700_fix_logo_rls_again.sql DELETED Viewed

@@ -1,59 +0,0 @@
--- Step 1: Drop all dependent policies first.
-DROP POLICY IF EXISTS "Allow admins to manage logos" ON public.logos;
-DROP POLICY IF EXISTS "Allow users to insert logos" ON public.logos;
-DROP POLICY IF EXISTS "Allow logo insert for writers and admins" ON public.logos;
-DROP POLICY IF EXISTS "Allow logo update for admins" ON public.logos;
-DROP POLICY IF EXISTS "Allow logo delete for admins" ON public.logos;
-DROP POLICY IF EXISTS "Allow logo insert for authenticated users" ON public.logos;
-DROP POLICY IF EXISTS "Allow logo update for authenticated users" ON public.logos;
-DROP POLICY IF EXISTS "Allow logo delete for authenticated users" ON public.logos;
--- Step 2: Drop the old function to avoid return type conflicts.
--- Note: It's critical to drop policies before the function they depend on.
-DROP FUNCTION IF EXISTS get_my_claim(text) CASCADE;
--- Step 3: Redefine the get_my_claim function to be more robust and return TEXT.
--- This avoids JSON casting errors and type mismatches in policies.
-CREATE OR REPLACE FUNCTION get_my_claim(claim TEXT)
-RETURNS TEXT AS $$
-DECLARE
-    claims jsonb;
-    claim_value text;
-BEGIN
-    -- Safely get claims, defaulting to NULL if not present or invalid JSON
-    BEGIN
-        claims := current_setting('request.jwt.claims', true)::jsonb;
-    EXCEPTION
-        WHEN invalid_text_representation THEN
-            claims := NULL;
-    END;
-    -- If claims are NULL, return NULL
-    IF claims IS NULL THEN
-        RETURN NULL;
-    END IF;
-    -- Safely extract the claim value as text, removing quotes
-    claim_value := claims ->> claim;
-    RETURN claim_value;
-END;
-$$ LANGUAGE plpgsql VOLATILE;
--- Create the new, correct policies using the updated function
-CREATE POLICY "Allow logo insert for authenticated users"
-ON public.logos
-FOR INSERT
-WITH CHECK (auth.role() = 'authenticated');
-CREATE POLICY "Allow logo update for authenticated users"
-ON public.logos
-FOR UPDATE
-USING (auth.role() = 'authenticated')
-WITH CHECK (auth.role() = 'authenticated');
-CREATE POLICY "Allow logo delete for authenticated users"
-ON public.logos
-FOR DELETE
-USING (auth.role() = 'authenticated');

package/supabase/migrations/20250619113200_add_file_path_to_media.sql DELETED Viewed

@@ -1,4 +0,0 @@
-ALTER TABLE public.media
-ADD COLUMN file_path TEXT;
-COMMENT ON COLUMN public.media.file_path IS 'The full path to the file in the storage bucket.';