npm - @nextblock-cms/db - Versions diffs - 0.2.8 → 0.2.10 - Mend

@nextblock-cms/db 0.2.8 → 0.2.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (86) hide show

package/supabase/migrations/20250619124100_fix_rls_performance_warnings.sql DELETED Viewed

@@ -1,74 +0,0 @@
-BEGIN;
--- Drop existing policies for 'public.logos'
-DROP POLICY IF EXISTS "Allow logo insert for authenticated users" ON public.logos;
-DROP POLICY IF EXISTS "Allow logo update for authenticated users" ON public.logos;
-DROP POLICY IF EXISTS "Allow logo delete for authenticated users" ON public.logos;
--- Recreate policies for 'public.logos' with optimized auth calls
-CREATE POLICY "Allow logo insert for authenticated users"
-ON public.logos
-FOR INSERT
-WITH CHECK ((SELECT auth.role()) = 'authenticated');
-CREATE POLICY "Allow logo update for authenticated users"
-ON public.logos
-FOR UPDATE
-USING ((SELECT auth.role()) = 'authenticated')
-WITH CHECK ((SELECT auth.role()) = 'authenticated');
-CREATE POLICY "Allow logo delete for authenticated users"
-ON public.logos
-FOR DELETE
-USING ((SELECT auth.role()) = 'authenticated');
--- Drop existing policies for 'public.blocks'
-DROP POLICY IF EXISTS "blocks_authenticated_comprehensive_select" ON public.blocks;
-DROP POLICY IF EXISTS "blocks_admin_writer_can_insert" ON public.blocks;
-DROP POLICY IF EXISTS "blocks_admin_writer_can_update" ON public.blocks;
-DROP POLICY IF EXISTS "blocks_admin_writer_can_delete" ON public.blocks;
-DROP POLICY IF EXISTS "blocks_anon_can_read_published_blocks" ON public.blocks;
-DROP POLICY IF EXISTS "blocks_are_readable_if_parent_is_published" ON public.blocks;
--- Create a new comprehensive SELECT policy for 'public.blocks'
-CREATE POLICY "Allow read access to blocks" ON public.blocks
-FOR SELECT USING (
-  (
-    -- Anonymous users can read blocks of published content
-    (SELECT auth.role()) = 'anon' AND
-    (
-      (page_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.pages p WHERE p.id = blocks.page_id AND p.status = 'published')) OR
-      (post_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.posts pt WHERE pt.id = blocks.post_id AND pt.status = 'published' AND (pt.published_at IS NULL OR pt.published_at <= now())))
-    )
-  ) OR (
-    -- Authenticated users have role-based access
-    (SELECT auth.role()) = 'authenticated' AND
-    (
-      (
-        -- ADMIN or WRITER can read all blocks
-        EXISTS (SELECT 1 FROM public.profiles WHERE id = (SELECT auth.uid()) AND role IN ('ADMIN', 'WRITER'))
-      ) OR
-      (
-        -- USER can read blocks of published parents
-        EXISTS (SELECT 1 FROM public.profiles WHERE id = (SELECT auth.uid()) AND role = 'USER') AND
-        (
-          (page_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.pages p WHERE p.id = blocks.page_id AND p.status = 'published')) OR
-          (post_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.posts pt WHERE pt.id = blocks.post_id AND pt.status = 'published' AND (pt.published_at IS NULL OR pt.published_at <= now())))
-        )
-      )
-    )
-  )
-);
--- Re-create the management policies for 'public.blocks' with optimized auth calls
-CREATE POLICY "Allow insert for admins and writers on blocks" ON public.blocks
-FOR INSERT WITH CHECK (EXISTS (SELECT 1 FROM public.profiles WHERE id = (SELECT auth.uid()) AND role IN ('ADMIN', 'WRITER')));
-CREATE POLICY "Allow update for admins and writers on blocks" ON public.blocks
-FOR UPDATE USING (EXISTS (SELECT 1 FROM public.profiles WHERE id = (SELECT auth.uid()) AND role IN ('ADMIN', 'WRITER')))
-WITH CHECK (EXISTS (SELECT 1 FROM public.profiles WHERE id = (SELECT auth.uid()) AND role IN ('ADMIN', 'WRITER')));
-CREATE POLICY "Allow delete for admins and writers on blocks" ON public.blocks
-FOR DELETE USING (EXISTS (SELECT 1 FROM public.profiles WHERE id = (SELECT auth.uid()) AND role IN ('ADMIN', 'WRITER')));
-COMMIT;

package/supabase/migrations/20250619195500_create_site_settings_table.sql DELETED Viewed

@@ -1,28 +0,0 @@
--- supabase/migrations/20250619195500_create_site_settings_table.sql
-CREATE TABLE public.site_settings (
-    key TEXT PRIMARY KEY,
-    value JSONB
-);
--- Enable RLS
-ALTER TABLE public.site_settings ENABLE ROW LEVEL SECURITY;
--- Allow admins to do everything
-CREATE POLICY "Allow admins full access on site_settings"
-ON public.site_settings
-FOR ALL
-TO authenticated
-USING (get_my_claim('user_role') = '"admin"');
--- Allow authenticated users to read settings
-CREATE POLICY "Allow authenticated users to read site_settings"
-ON public.site_settings
-FOR SELECT
-TO authenticated
-USING (true);
--- Seed initial copyright setting
-INSERT INTO public.site_settings (key, value)
-VALUES ('footer_copyright', '{"en": "© {year} Nextblock CMS. All rights reserved.", "fr": "© {year} Nextblock CMS. Tous droits réservés."}')
-ON CONFLICT (key) DO NOTHING;

package/supabase/migrations/20250619201500_add_anon_read_to_site_settings.sql DELETED Viewed

@@ -1,7 +0,0 @@
--- supabase/migrations/20250619201500_add_anon_read_to_site_settings.sql
-CREATE POLICY "Allow public read access to site_settings"
-ON public.site_settings
-FOR SELECT
-TO anon
-USING (true);

package/supabase/migrations/20250619202000_add_is_active_to_languages.sql DELETED Viewed

@@ -1,5 +0,0 @@
--- Add is_active column to languages table
-ALTER TABLE public.languages
-ADD COLUMN is_active BOOLEAN NOT NULL DEFAULT true;
-COMMENT ON COLUMN public.languages.is_active IS 'Indicates if the language is currently active and available for use.';

package/supabase/migrations/20250620085700_fix_site_settings_write_rls.sql DELETED Viewed

@@ -1,27 +0,0 @@
--- Drop existing policies if they exist to avoid conflicts.
-DROP POLICY IF EXISTS "Allow ADMIN and WRITER to insert into site_settings" ON public.site_settings;
-DROP POLICY IF EXISTS "Allow ADMIN and WRITER to update site_settings" ON public.site_settings;
-DROP POLICY IF EXISTS "Allow ADMIN and WRITER to modify site_settings" ON public.site_settings;
--- This policy grants permission to insert into the site_settings table
--- to any authenticated user whose role in the profiles table is 'ADMIN' or 'WRITER'.
-CREATE POLICY "Allow ADMIN and WRITER to insert into site_settings"
-ON public.site_settings
-FOR INSERT
-TO authenticated
-WITH CHECK (
-  (SELECT role FROM public.profiles WHERE id = auth.uid()) IN ('ADMIN', 'WRITER')
-);
--- This policy grants permission to update the site_settings table
--- to any authenticated user whose role in the profiles table is 'ADMIN' or 'WRITER'.
-CREATE POLICY "Allow ADMIN and WRITER to update site_settings"
-ON public.site_settings
-FOR UPDATE
-TO authenticated
-USING (
-  (SELECT role FROM public.profiles WHERE id = auth.uid()) IN ('ADMIN', 'WRITER')
-)
-WITH CHECK (
-  (SELECT role FROM public.profiles WHERE id = auth.uid()) IN ('ADMIN', 'WRITER')
-);

package/supabase/migrations/20250620095500_fix_profiles_read_rls.sql DELETED Viewed

@@ -1,11 +0,0 @@
--- Drop the policy if it exists to ensure a clean state.
-DROP POLICY IF EXISTS "Allow user to read their own profile" ON public.profiles;
--- This policy allows an authenticated user to read their own row from the profiles table.
--- This is necessary for other RLS policies (like the one on site_settings) to be able
--- to look up the user's role during policy evaluation.
-CREATE POLICY "Allow user to read their own profile"
-ON public.profiles
-FOR SELECT
-TO authenticated
-USING (auth.uid() = id);

package/supabase/migrations/20250620100000_use_security_definer_for_rls.sql DELETED Viewed

@@ -1,39 +0,0 @@
--- Drop all previous policies on site_settings to ensure a clean slate.
-DROP POLICY IF EXISTS "Allow ADMIN and WRITER to insert into site_settings" ON public.site_settings;
-DROP POLICY IF EXISTS "Allow ADMIN and WRITER to update site_settings" ON public.site_settings;
-DROP POLICY IF EXISTS "Allow ADMIN and WRITER to modify site_settings" ON public.site_settings;
--- Create a trusted, elevated-privilege function to get the current user's role.
--- SECURITY DEFINER makes it run with the permissions of the function owner, bypassing nested RLS.
-CREATE OR REPLACE FUNCTION get_my_role()
-RETURNS TEXT AS $$
-DECLARE
-  user_role TEXT;
-BEGIN
-  SELECT role INTO user_role FROM public.profiles WHERE id = auth.uid();
-  RETURN user_role;
-END;
-$$ LANGUAGE plpgsql SECURITY DEFINER;
--- This policy grants permission to insert into the site_settings table
--- by using the trusted function to check the user's role.
-CREATE POLICY "Allow insert based on user role"
-ON public.site_settings
-FOR INSERT
-TO authenticated
-WITH CHECK (
-  get_my_role() IN ('ADMIN', 'WRITER')
-);
--- This policy grants permission to update the site_settings table
--- by using the trusted function to check the user's role.
-CREATE POLICY "Allow update based on user role"
-ON public.site_settings
-FOR UPDATE
-TO authenticated
-USING (
-  get_my_role() IN ('ADMIN', 'WRITER')
-)
-WITH CHECK (
-  get_my_role() IN ('ADMIN', 'WRITER')
-);

package/supabase/migrations/20250620130000_add_public_read_to_logos.sql DELETED Viewed

@@ -1,4 +0,0 @@
-CREATE POLICY "Allow public read access to logos"
-ON public.logos
-FOR SELECT
-USING (true);

package/supabase/migrations/20250708091700_create_translations_table.sql DELETED Viewed

@@ -1,55 +0,0 @@
--- Create the translations table
-CREATE TABLE translations (
-    key TEXT PRIMARY KEY,
-    translations JSONB NOT NULL,
-    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
-);
--- Add comments on the columns
-COMMENT ON COLUMN translations.key IS 'A unique, slugified identifier (e.g., "sign_in_button_text").';
-COMMENT ON COLUMN translations.translations IS 'Stores translations as key-value pairs (e.g., {"en": "Sign In", "fr": "s''inscrire"}).';
--- Enable Row Level Security
-ALTER TABLE translations ENABLE ROW LEVEL SECURITY;
--- RLS Policies
-CREATE POLICY "Allow all access to ADMIN"
-ON public.translations
-FOR ALL
-TO authenticated
-USING (
-  (auth.jwt() ->> 'user_role') = 'ADMIN'
-)
-WITH CHECK (
-  (auth.jwt() ->> 'user_role') = 'ADMIN'
-);
-CREATE POLICY "Allow read access to all authenticated users"
-ON public.translations
-FOR SELECT
-TO authenticated
-USING (true);
-CREATE POLICY "Allow read access to all anonymous users"
-ON public.translations
-FOR SELECT
-TO anon
-USING (true);
--- Trigger to update updated_at timestamp
-CREATE OR REPLACE FUNCTION public.set_current_timestamp_updated_at()
-RETURNS TRIGGER AS $$
-DECLARE
-  _new record;
-BEGIN
-  _new := NEW;
-  _new."updated_at" = NOW();
-  RETURN _new;
-END;
-$$ LANGUAGE plpgsql;
-CREATE TRIGGER set_updated_at
-BEFORE UPDATE ON public.translations
-FOR EACH ROW
-EXECUTE FUNCTION public.set_current_timestamp_updated_at();

package/supabase/migrations/20250708093403_seed_translations_table.sql DELETED Viewed

@@ -1,20 +0,0 @@
-INSERT INTO public.translations (key, translations) VALUES
-('sign_in', '{"en": "Sign in", "fr": "Connexion"}'),
-('sign_up', '{"en": "Sign up", "fr": "Inscription"}'),
-('sign_out', '{"en": "Sign out", "fr": "Déconnexion"}'),
-('dont_have_account', '{"en": "Don''t have an account?", "fr": "Pas encore de compte ?"}'),
-('email', '{"en": "Email", "fr": "Email"}'),
-('you_at_example_com', '{"en": "you@example.com", "fr": "vous@example.com"}'),
-('password', '{"en": "Password", "fr": "Mot de passe"}'),
-('forgot_password', '{"en": "Forgot Password?", "fr": "Mot de passe oublié ?"}'),
-('your_password', '{"en": "Your password", "fr": "Votre mot de passe"}'),
-('signing_in_pending', '{"en": "Signing In...", "fr": "Connexion en cours..."}'),
-('already_have_account', '{"en": "Already have an account?", "fr": "Déjà un compte ?"}'),
-('signing_up_pending', '{"en": "Signing up...", "fr": "Inscription en cours..."}'),
-('reset_password', '{"en": "Reset Password", "fr": "Réinitialiser le mot de passe"}');
--- Route prefix for the blog section
-INSERT INTO public.translations (key, translations) VALUES
-('blog_prefix', '{"en": "article", "fr": "article"}')
-ON CONFLICT (key) DO UPDATE
-SET translations = EXCLUDED.translations;

package/supabase/migrations/20250708110600_fix_translations_rls_policies.sql DELETED Viewed

@@ -1,11 +0,0 @@
--- Drop the existing restrictive policy for updates
-DROP POLICY IF EXISTS "Allow all access to ADMIN" ON public.translations;
--- Create a more permissive policy that allows authenticated users to update translations
--- This assumes that access to the CMS is already controlled at the application level
-CREATE POLICY "Allow authenticated users to manage translations"
-ON public.translations
-FOR ALL
-TO authenticated
-USING (true)
-WITH CHECK (true);

package/supabase/migrations/20250708112300_add_new_translations.sql DELETED Viewed

@@ -1,9 +0,0 @@
-INSERT INTO public.translations (key, translations) VALUES
-('edit_page', '{"en": "Edit Page", "fr": "Éditer la page"}'),
-('edit_post', '{"en": "Edit Post", "fr": "Éditer l''article"}'),
-('open_main_menu', '{"en": "Open main menu", "fr": "Ouvrir le menu principal"}'),
-('mobile_navigation_menu', '{"en": "Mobile navigation menu", "fr": "Menu de navigation mobile"}'),
-('cms_dashboard', '{"en": "CMS Dashboard", "fr": "Tableau de bord CMS"}'),
-('update_env_file_warning', '{"en": "Please update .env.local file with anon key and url", "fr": "Veuillez mettre à jour .env.local avec l''anon key et l''URL"}'),
-('greeting', '{"en": "Hey, {username}!", "fr": "Salut, {username} !"}')
-ON CONFLICT (key) DO NOTHING;

package/supabase/migrations/20250709120000_create_revisions_tables.sql DELETED Viewed

@@ -1,109 +0,0 @@
--- supabase/migrations/20250709120000_create_revisions_tables.sql
--- Hybrid revision history for pages and posts
-begin;
--- Create enum for revision type if not exists
-do $$
-begin
-  if not exists (select 1 from pg_type where typname = 'revision_type') then
-    create type public.revision_type as enum ('snapshot', 'diff');
-  end if;
-end
-$$;
--- Add version column to pages and posts if not exists
-do $$
-begin
-  if not exists (
-    select 1 from information_schema.columns
-    where table_schema = 'public' and table_name = 'pages' and column_name = 'version'
-  ) then
-    alter table public.pages add column version integer not null default 1;
-    comment on column public.pages.version is 'Monotonic version number for hybrid revisions.';
-  end if;
-end
-$$;
-do $$
-begin
-  if not exists (
-    select 1 from information_schema.columns
-    where table_schema = 'public' and table_name = 'posts' and column_name = 'version'
-  ) then
-    alter table public.posts add column version integer not null default 1;
-    comment on column public.posts.version is 'Monotonic version number for hybrid revisions.';
-  end if;
-end
-$$;
--- Create page_revisions table
-create table if not exists public.page_revisions (
-  id bigint generated by default as identity primary key,
-  page_id bigint not null references public.pages(id) on delete cascade,
-  author_id uuid references public.profiles(id) on delete set null,
-  version integer not null,
-  revision_type public.revision_type not null,
-  content jsonb not null,
-  created_at timestamp with time zone not null default now(),
-  constraint page_revisions_page_version_key unique (page_id, version)
-);
-comment on table public.page_revisions is 'Hybrid (snapshot/diff) revisions for pages.';
-comment on column public.page_revisions.content is 'If snapshot: full content; if diff: JSON Patch array.';
-create index if not exists idx_page_revisions_page_id on public.page_revisions(page_id);
-create index if not exists idx_page_revisions_page_id_version on public.page_revisions(page_id, version);
--- Create post_revisions table
-create table if not exists public.post_revisions (
-  id bigint generated by default as identity primary key,
-  post_id bigint not null references public.posts(id) on delete cascade,
-  author_id uuid references public.profiles(id) on delete set null,
-  version integer not null,
-  revision_type public.revision_type not null,
-  content jsonb not null,
-  created_at timestamp with time zone not null default now(),
-  constraint post_revisions_post_version_key unique (post_id, version)
-);
-comment on table public.post_revisions is 'Hybrid (snapshot/diff) revisions for posts.';
-comment on column public.post_revisions.content is 'If snapshot: full content; if diff: JSON Patch array.';
-create index if not exists idx_post_revisions_post_id on public.post_revisions(post_id);
-create index if not exists idx_post_revisions_post_id_version on public.post_revisions(post_id, version);
--- Enable RLS and add policies (admins and writers manage; authenticated can read)
-alter table public.page_revisions enable row level security;
-alter table public.post_revisions enable row level security;
--- Page revisions policies
-drop policy if exists "page_revisions_admin_writer_management" on public.page_revisions;
-create policy "page_revisions_admin_writer_management"
-on public.page_revisions for all
-to authenticated
-using (public.get_current_user_role() in ('ADMIN', 'WRITER'))
-with check (public.get_current_user_role() in ('ADMIN', 'WRITER'));
-drop policy if exists "page_revisions_authenticated_read" on public.page_revisions;
-create policy "page_revisions_authenticated_read"
-on public.page_revisions for select
-to authenticated
-using (true);
--- Post revisions policies
-drop policy if exists "post_revisions_admin_writer_management" on public.post_revisions;
-create policy "post_revisions_admin_writer_management"
-on public.post_revisions for all
-to authenticated
-using (public.get_current_user_role() in ('ADMIN', 'WRITER'))
-with check (public.get_current_user_role() in ('ADMIN', 'WRITER'));
-drop policy if exists "post_revisions_authenticated_read" on public.post_revisions;
-create policy "post_revisions_authenticated_read"
-on public.post_revisions for select
-to authenticated
-using (true);
-commit;

package/supabase/migrations/20251001113000_add_folder_to_media.sql DELETED Viewed

@@ -1,14 +0,0 @@
--- Add a folder column to organize media by path prefix
-ALTER TABLE public.media
-ADD COLUMN IF NOT EXISTS folder TEXT;
-COMMENT ON COLUMN public.media.folder IS 'Folder path prefix for the R2 object (e.g., images/summer/).';
--- Backfill existing rows by deriving folder from object_key (everything up to last slash)
-UPDATE public.media
-SET folder = NULLIF(regexp_replace(object_key, '[^/]*$', ''), '')
-WHERE folder IS NULL;
--- Index to speed up filtering by folder
-CREATE INDEX IF NOT EXISTS media_folder_idx ON public.media (folder);

package/supabase/migrations/20251112113736_fix_search_path_functions.sql DELETED Viewed

@@ -1,74 +0,0 @@
--- Ensure critical auth/public functions always use a safe search_path.
-BEGIN;
-CREATE OR REPLACE FUNCTION public.handle_languages_update()
-RETURNS TRIGGER
-LANGUAGE plpgsql
-SECURITY DEFINER
-SET search_path TO pg_temp, public
-AS $$
-BEGIN
-  NEW.updated_at = now();
-  RETURN NEW;
-END;
-$$;
-CREATE OR REPLACE FUNCTION public.get_my_claim(claim TEXT)
-RETURNS TEXT
-LANGUAGE plpgsql
-VOLATILE
-SET search_path TO pg_temp, public
-AS $$
-DECLARE
-    claims jsonb;
-    claim_value text;
-BEGIN
-    -- Safely get claims, defaulting to NULL if not present or invalid JSON
-    BEGIN
-        claims := current_setting('request.jwt.claims', true)::jsonb;
-    EXCEPTION
-        WHEN invalid_text_representation THEN
-            claims := NULL;
-    END;
-    -- If claims are NULL, return NULL
-    IF claims IS NULL THEN
-        RETURN NULL;
-    END IF;
-    -- Safely extract the claim value as text, removing quotes
-    claim_value := claims ->> claim;
-    RETURN claim_value;
-END;
-$$;
-CREATE OR REPLACE FUNCTION public.get_my_role()
-RETURNS TEXT
-LANGUAGE plpgsql
-SECURITY DEFINER
-SET search_path TO pg_temp, public
-AS $$
-DECLARE
-  user_role TEXT;
-BEGIN
-  SELECT role INTO user_role FROM public.profiles WHERE id = auth.uid();
-  RETURN user_role;
-END;
-$$;
-CREATE OR REPLACE FUNCTION public.set_current_timestamp_updated_at()
-RETURNS TRIGGER
-LANGUAGE plpgsql
-SET search_path TO pg_temp, public
-AS $$
-DECLARE
-  _new record;
-BEGIN
-  _new := NEW;
-  _new."updated_at" = now();
-  RETURN _new;
-END;
-$$;
-COMMIT;

package/supabase/migrations/20251112124444_fix_rls_performance.sql DELETED Viewed

@@ -1,63 +0,0 @@
-BEGIN;
--- Ensure profile read access uses a single policy and wraps auth.uid() safely.
-DROP POLICY IF EXISTS "Allow user to read their own profile" ON public.profiles;
-DROP POLICY IF EXISTS "authenticated_can_read_profiles" ON public.profiles;
-CREATE POLICY "authenticated_can_read_profiles" ON public.profiles
-FOR SELECT
-TO authenticated
-USING (
-  (id = (SELECT auth.uid())) OR
-  (public.get_current_user_role() = 'ADMIN')
-);
-COMMENT ON POLICY "authenticated_can_read_profiles" ON public.profiles IS 'Authenticated users can read their own profile; admins can read any profile.';
--- Harden storage.objects ownership checks.
-DROP POLICY IF EXISTS "allow_authenticated_uploads" ON storage.objects;
-DROP POLICY IF EXISTS "allow_authenticated_updates" ON storage.objects;
-DROP POLICY IF EXISTS "allow_authenticated_deletes" ON storage.objects;
-CREATE POLICY "allow_authenticated_uploads" ON storage.objects
-FOR INSERT TO authenticated
-WITH CHECK (bucket_id = 'public' AND owner = (SELECT auth.uid()));
-CREATE POLICY "allow_authenticated_updates" ON storage.objects
-FOR UPDATE TO authenticated
-USING (bucket_id = 'public' AND owner = (SELECT auth.uid()));
-CREATE POLICY "allow_authenticated_deletes" ON storage.objects
-FOR DELETE TO authenticated
-USING (bucket_id = 'public' AND owner = (SELECT auth.uid()));
--- Keep select policy as-is (bucket scoped) since it does not reference auth.uid().
--- Update site_settings policies to avoid initplan warnings.
-DROP POLICY IF EXISTS "Allow ADMIN and WRITER to insert into site_settings" ON public.site_settings;
-DROP POLICY IF EXISTS "Allow ADMIN and WRITER to update site_settings" ON public.site_settings;
-CREATE POLICY "Allow ADMIN and WRITER to insert into site_settings" ON public.site_settings
-FOR INSERT TO authenticated
-WITH CHECK (
-  EXISTS (
-    SELECT 1 FROM public.profiles
-    WHERE id = (SELECT auth.uid()) AND role IN ('ADMIN', 'WRITER')
-  )
-);
-CREATE POLICY "Allow ADMIN and WRITER to update site_settings" ON public.site_settings
-FOR UPDATE TO authenticated
-USING (
-  EXISTS (
-    SELECT 1 FROM public.profiles
-    WHERE id = (SELECT auth.uid()) AND role IN ('ADMIN', 'WRITER')
-  )
-)
-WITH CHECK (
-  EXISTS (
-    SELECT 1 FROM public.profiles
-    WHERE id = (SELECT auth.uid()) AND role IN ('ADMIN', 'WRITER')
-  )
-);
-COMMIT;