@rebasepro/studio 0.5.0 → 0.6.1

package/dist/RLSEditor-DpF1u9EC.js

@@ -0,0 +1,1369 @@
+import { t as MonacoEditor } from "./MonacoEditor-COZqrIJ1.js";
+import { ErrorView, useRebaseContext, useSnackbarController, useStudioCollectionRegistry, useTranslation } from "@rebasepro/core";
+import { useCallback, useEffect, useMemo, useState } from "react";
+import { Alert, AlertTriangleIcon, Button, Chip, CircularProgress, Dialog, DialogActions, DialogContent, DialogTitle, HelpCircleIcon, IconButton, KeyIcon, MultiSelect, MultiSelectItem, Paper, RefreshCwIcon, ResizablePanels, Select, SelectItem, ShieldIcon, Tab, Tabs, TextField, Tooltip, Trash2Icon, Typography, cls, defaultBorderMixin, iconSize } from "@rebasepro/ui";
+import { Fragment, jsx, jsxs } from "react/jsx-runtime";
+import { isPostgresCollection } from "@rebasepro/types";
+//#region src/components/RLSEditor/PolicyEditor.tsx
+var COMMAND_OPTIONS = [
+	"ALL",
+	"SELECT",
+	"INSERT",
+	"UPDATE",
+	"DELETE"
+];
+var ROLE_OPTIONS = [
+	"public",
+	"authenticated",
+	"anon",
+	"admin"
+];
+var POLICY_PRESETS = [
+	{
+		id: "public_read",
+		label: "Enable read access to everyone",
+		description: "Anyone can read data, regardless of authentication status.",
+		policyname: "Enable read access for all users",
+		cmd: "SELECT",
+		permissive: "PERMISSIVE",
+		roles: ["public"],
+		qual: "true",
+		with_check: ""
+	},
+	{
+		id: "auth_read",
+		label: "Enable read access for authenticated users only",
+		description: "Only logged-in users are allowed to read data.",
+		policyname: "Enable read access for authenticated users",
+		cmd: "SELECT",
+		permissive: "PERMISSIVE",
+		roles: ["authenticated"],
+		qual: "true",
+		with_check: ""
+	},
+	{
+		id: "auth_insert",
+		label: "Enable insert for authenticated users only",
+		description: "Only logged-in users are allowed to insert new data.",
+		policyname: "Enable insert for authenticated users only",
+		cmd: "INSERT",
+		permissive: "PERMISSIVE",
+		roles: ["authenticated"],
+		qual: "",
+		with_check: "true"
+	},
+	{
+		id: "user_select_own",
+		label: "Users can read their own rows",
+		description: "Users can only read rows where the user_id matches their auth.uid()",
+		policyname: "Users can select their own data",
+		cmd: "SELECT",
+		permissive: "PERMISSIVE",
+		roles: ["authenticated"],
+		qual: "auth.uid() = user_id",
+		with_check: ""
+	},
+	{
+		id: "user_update_own",
+		label: "Users can update their own rows",
+		description: "Users can only update rows where the user_id matches their auth.uid()",
+		policyname: "Users can update their own data",
+		cmd: "UPDATE",
+		permissive: "PERMISSIVE",
+		roles: ["authenticated"],
+		qual: "auth.uid() = user_id",
+		with_check: "auth.uid() = user_id"
+	},
+	{
+		id: "user_delete_own",
+		label: "Users can delete their own rows",
+		description: "Users can only delete rows where the user_id matches their auth.uid()",
+		policyname: "Users can delete their own data",
+		cmd: "DELETE",
+		permissive: "PERMISSIVE",
+		roles: ["authenticated"],
+		qual: "auth.uid() = user_id",
+		with_check: ""
+	}
+];
+var PolicyEditor = ({ policy, schema, table, onSave, onCancel }) => {
+	const { t } = useTranslation();
+	const [name, setName] = useState("");
+	const [helpOpen, setHelpOpen] = useState(false);
+	const [behavior, setBehavior] = useState("PERMISSIVE");
+	const [command, setCommand] = useState("ALL");
+	const [roles, setRoles] = useState(["public"]);
+	const [usingExpr, setUsingExpr] = useState("");
+	const [checkExpr, setCheckExpr] = useState("");
+	const [selectedPreset, setSelectedPreset] = useState("");
+	useEffect(() => {
+		if (policy) {
+			setName(policy.policyname || "");
+			setBehavior(policy.permissive || "PERMISSIVE");
+			setCommand(policy.cmd || "ALL");
+			setRoles(policy.roles ? Array.isArray(policy.roles) ? policy.roles : [policy.roles] : ["public"]);
+			setUsingExpr(policy.qual || "");
+			setCheckExpr(policy.with_check || "");
+		} else {
+			setName("");
+			setBehavior("PERMISSIVE");
+			setCommand("ALL");
+			setRoles(["public"]);
+			setUsingExpr("");
+			setCheckExpr("");
+			setSelectedPreset("");
+		}
+	}, [policy]);
+	const handlePresetChange = (presetId) => {
+		const preset = POLICY_PRESETS.find((p) => p.id === presetId);
+		if (!preset) return;
+		setSelectedPreset(presetId);
+		setName(preset.policyname);
+		setBehavior(preset.permissive);
+		setCommand(preset.cmd);
+		setRoles(preset.roles);
+		setUsingExpr(preset.qual);
+		setCheckExpr(preset.with_check);
+	};
+	const showCheck = command === "ALL" || command === "INSERT" || command === "UPDATE";
+	const handleSave = () => {
+		onSave({
+			policyname: name,
+			permissive: behavior,
+			cmd: command,
+			roles,
+			qual: usingExpr,
+			with_check: showCheck ? checkExpr : null
+		});
+	};
+	return /* @__PURE__ */ jsxs(Fragment, { children: [
+		/* @__PURE__ */ jsxs(DialogTitle, {
+			className: "flex justify-between items-center w-full",
+			variant: "h6",
+			children: [/* @__PURE__ */ jsxs("div", { children: [/* @__PURE__ */ jsx("div", { children: policy ? t("studio_policy_edit") : t("studio_policy_create") }), /* @__PURE__ */ jsxs("div", {
+				className: "text-sm font-normal text-text-secondary dark:text-text-secondary-dark tracking-wide mt-1",
+				children: [
+					t("studio_policy_defining_rules"),
+					" ",
+					/* @__PURE__ */ jsxs("span", {
+						className: "font-mono text-primary bg-primary-bg dark:bg-primary-bg-dark px-1 py-0.5 rounded",
+						children: [
+							schema,
+							".",
+							table
+						]
+					})
+				]
+			})] }), /* @__PURE__ */ jsx(IconButton, {
+				size: "small",
+				onClick: () => setHelpOpen(true),
+				children: /* @__PURE__ */ jsx(HelpCircleIcon, { size: iconSize.smallest })
+			})]
+		}),
+		/* @__PURE__ */ jsx(DialogContent, {
+			className: "p-4 md:p-6 border-t dark:border-surface-950 bg-surface-50 dark:bg-surface-950",
+			includeMargin: false,
+			children: /* @__PURE__ */ jsxs("div", {
+				className: "max-w-4xl mx-auto",
+				children: [/* @__PURE__ */ jsxs(Paper, {
+					className: cls("p-4 md:p-6 flex flex-col gap-6 bg-white dark:bg-surface-900 border-none sm:border-solid rounded-none sm:rounded-xl", defaultBorderMixin),
+					children: [
+						!policy && /* @__PURE__ */ jsxs("div", {
+							className: "flex flex-col gap-1.5 bg-primary/5 dark:bg-primary-bg-dark/20 p-3 sm:p-4 rounded-lg border border-primary/10 dark:border-primary/20",
+							children: [/* @__PURE__ */ jsx(Typography, {
+								variant: "caption",
+								className: "text-primary dark:text-primary-light uppercase tracking-wider",
+								children: t("studio_policy_template")
+							}), /* @__PURE__ */ jsx(Select, {
+								size: "small",
+								value: selectedPreset,
+								onValueChange: handlePresetChange,
+								position: "item-aligned",
+								placeholder: t("studio_policy_select_template"),
+								className: "bg-white dark:bg-surface-950",
+								children: POLICY_PRESETS.map((preset) => /* @__PURE__ */ jsx(SelectItem, {
+									value: preset.id,
+									children: /* @__PURE__ */ jsxs("div", {
+										className: "flex flex-col text-left",
+										children: [/* @__PURE__ */ jsx("span", {
+											className: "text-sm",
+											children: preset.label
+										}), /* @__PURE__ */ jsx("span", {
+											className: "text-xs text-text-secondary dark:text-text-secondary-dark",
+											children: preset.description
+										})]
+									})
+								}, preset.id))
+							})]
+						}),
+						/* @__PURE__ */ jsxs("div", {
+							className: "grid grid-cols-1 md:grid-cols-2 gap-4 sm:gap-6",
+							children: [/* @__PURE__ */ jsxs("div", {
+								className: "flex flex-col gap-1.5",
+								children: [/* @__PURE__ */ jsx(Typography, {
+									variant: "caption",
+									className: "uppercase tracking-wider text-text-secondary",
+									children: t("studio_policy_name")
+								}), /* @__PURE__ */ jsx(TextField, {
+									value: name,
+									onChange: (e) => setName(e.target.value),
+									placeholder: t("studio_policy_name_placeholder"),
+									className: "w-full"
+								})]
+							}), /* @__PURE__ */ jsxs("div", {
+								className: "flex flex-col gap-1.5",
+								children: [/* @__PURE__ */ jsxs(Typography, {
+									variant: "caption",
+									className: "uppercase tracking-wider text-text-secondary",
+									children: [
+										t("studio_policy_behavior"),
+										" ",
+										/* @__PURE__ */ jsx("code", {
+											className: "text-[10px] bg-surface-200 dark:bg-surface-950 text-text-secondary dark:text-text-secondary-dark px-1 py-0.5 rounded ml-1",
+											children: "AS"
+										})
+									]
+								}), /* @__PURE__ */ jsxs(Select, {
+									value: behavior,
+									onValueChange: (val) => setBehavior(val),
+									position: "item-aligned",
+									children: [/* @__PURE__ */ jsx(SelectItem, {
+										value: "PERMISSIVE",
+										children: /* @__PURE__ */ jsxs("div", {
+											className: "flex flex-col text-left",
+											children: [/* @__PURE__ */ jsx("span", {
+												className: "",
+												children: t("studio_policy_permissive")
+											}), /* @__PURE__ */ jsx("span", {
+												className: "text-xs text-text-secondary dark:text-text-secondary-dark",
+												children: t("studio_policy_permissive_desc")
+											})]
+										})
+									}), /* @__PURE__ */ jsx(SelectItem, {
+										value: "RESTRICTIVE",
+										children: /* @__PURE__ */ jsxs("div", {
+											className: "flex flex-col text-left",
+											children: [/* @__PURE__ */ jsx("span", {
+												className: "",
+												children: t("studio_policy_restrictive")
+											}), /* @__PURE__ */ jsx("span", {
+												className: "text-xs text-text-secondary dark:text-text-secondary-dark",
+												children: t("studio_policy_restrictive_desc")
+											})]
+										})
+									})]
+								})]
+							})]
+						}),
+						/* @__PURE__ */ jsxs("div", {
+							className: "flex flex-col gap-1.5",
+							children: [/* @__PURE__ */ jsxs(Typography, {
+								variant: "caption",
+								className: "uppercase tracking-wider text-text-secondary",
+								children: [
+									t("studio_policy_command"),
+									" ",
+									/* @__PURE__ */ jsx("code", {
+										className: "text-[10px] bg-surface-200 dark:bg-surface-950 text-text-secondary dark:text-text-secondary-dark px-1 py-0.5 rounded ml-1",
+										children: "FOR"
+									})
+								]
+							}), /* @__PURE__ */ jsx("div", {
+								className: "flex flex-wrap gap-1.5",
+								children: COMMAND_OPTIONS.map((cmd) => /* @__PURE__ */ jsx(Button, {
+									size: "small",
+									variant: command === cmd ? "filled" : "text",
+									color: "neutral",
+									onClick: () => setCommand(cmd),
+									className: "min-w-[80px]",
+									children: cmd
+								}, cmd))
+							})]
+						}),
+						/* @__PURE__ */ jsxs("div", {
+							className: "flex flex-col gap-1.5",
+							children: [/* @__PURE__ */ jsxs(Typography, {
+								variant: "caption",
+								className: "uppercase tracking-wider text-text-secondary",
+								children: [
+									t("studio_policy_target_roles"),
+									" ",
+									/* @__PURE__ */ jsx("code", {
+										className: "text-[10px] bg-surface-200 dark:bg-surface-950 text-text-secondary dark:text-text-secondary-dark px-1 py-0.5 rounded ml-1",
+										children: "TO"
+									})
+								]
+							}), /* @__PURE__ */ jsx(MultiSelect, {
+								size: "small",
+								value: roles,
+								onValueChange: setRoles,
+								placeholder: t("studio_policy_roles_placeholder"),
+								children: ROLE_OPTIONS.map((role) => /* @__PURE__ */ jsx(MultiSelectItem, {
+									value: role,
+									children: role
+								}, role))
+							})]
+						})
+					]
+				}), /* @__PURE__ */ jsxs("div", {
+					className: "mt-8 flex flex-col gap-4",
+					children: [command !== "INSERT" && /* @__PURE__ */ jsxs("div", {
+						className: "flex flex-col gap-1.5",
+						children: [/* @__PURE__ */ jsxs("div", {
+							className: "flex flex-col gap-0.5",
+							children: [/* @__PURE__ */ jsx(Typography, {
+								variant: "caption",
+								className: "uppercase tracking-wider text-text-secondary",
+								children: t("studio_policy_using_expr")
+							}), /* @__PURE__ */ jsx(Typography, {
+								variant: "caption",
+								className: "text-text-secondary opacity-70",
+								children: t("studio_policy_using_expr_desc")
+							})]
+						}), /* @__PURE__ */ jsx("div", {
+							className: cls("h-32 border rounded-md overflow-hidden bg-white dark:bg-[#1e1e1e]", defaultBorderMixin),
+							children: /* @__PURE__ */ jsx(MonacoEditor, {
+								value: usingExpr,
+								onChange: (v) => setUsingExpr(v || ""),
+								readOnly: false,
+								autoFocus: true
+							})
+						})]
+					}), showCheck && /* @__PURE__ */ jsxs("div", {
+						className: "flex flex-col gap-1.5 mt-2",
+						children: [/* @__PURE__ */ jsxs("div", {
+							className: "flex flex-col gap-0.5",
+							children: [/* @__PURE__ */ jsx(Typography, {
+								variant: "caption",
+								className: "uppercase tracking-wider text-text-secondary",
+								children: t("studio_policy_check_expr")
+							}), /* @__PURE__ */ jsx(Typography, {
+								variant: "caption",
+								className: "text-text-secondary opacity-70",
+								children: t("studio_policy_check_expr_desc")
+							})]
+						}), /* @__PURE__ */ jsx("div", {
+							className: cls("h-32 border rounded-md overflow-hidden bg-white dark:bg-[#1e1e1e]", defaultBorderMixin),
+							children: /* @__PURE__ */ jsx(MonacoEditor, {
+								value: checkExpr,
+								onChange: (v) => setCheckExpr(v || ""),
+								readOnly: false,
+								autoFocus: command === "INSERT"
+							})
+						})]
+					})]
+				})]
+			})
+		}),
+		/* @__PURE__ */ jsxs(DialogActions, { children: [/* @__PURE__ */ jsx(Button, {
+			size: "small",
+			variant: "text",
+			color: "neutral",
+			onClick: onCancel,
+			children: t("studio_policy_cancel")
+		}), /* @__PURE__ */ jsx(Button, {
+			size: "small",
+			variant: "filled",
+			color: "primary",
+			onClick: handleSave,
+			disabled: !name,
+			children: t("studio_policy_save")
+		})] }),
+		/* @__PURE__ */ jsxs(Dialog, {
+			open: helpOpen,
+			onOpenChange: setHelpOpen,
+			maxWidth: "3xl",
+			children: [
+				/* @__PURE__ */ jsx(DialogTitle, {
+					hidden: true,
+					children: "Row-Level Security Help"
+				}),
+				/* @__PURE__ */ jsxs(DialogContent, {
+					className: "p-4 sm:p-6 lg:p-8 flex flex-col gap-6",
+					children: [
+						/* @__PURE__ */ jsxs("div", { children: [/* @__PURE__ */ jsx(Typography, {
+							variant: "h5",
+							className: "mb-2",
+							children: t("studio_policy_help_title")
+						}), /* @__PURE__ */ jsx(Typography, {
+							className: "text-text-secondary dark:text-text-secondary-dark",
+							children: t("studio_policy_help_intro")
+						})] }),
+						/* @__PURE__ */ jsxs("div", {
+							className: "flex flex-col gap-4",
+							children: [
+								/* @__PURE__ */ jsxs(Paper, {
+									className: cls("p-4 sm:p-5 flex flex-col gap-1", defaultBorderMixin),
+									children: [/* @__PURE__ */ jsx(Typography, {
+										variant: "subtitle2",
+										className: "text-primary dark:text-primary-light font-medium",
+										children: t("studio_policy_help_step1_title")
+									}), /* @__PURE__ */ jsx(Typography, {
+										variant: "body2",
+										className: "text-text-secondary dark:text-text-secondary-dark",
+										children: t("studio_policy_help_step1_desc")
+									})]
+								}),
+								/* @__PURE__ */ jsxs(Paper, {
+									className: cls("p-4 sm:p-5 flex flex-col gap-1", defaultBorderMixin),
+									children: [
+										/* @__PURE__ */ jsx(Typography, {
+											variant: "subtitle2",
+											className: "text-primary dark:text-primary-light font-medium",
+											children: t("studio_policy_help_step2_title")
+										}),
+										/* @__PURE__ */ jsx(Typography, {
+											variant: "body2",
+											className: "text-text-secondary dark:text-text-secondary-dark mb-1",
+											children: t("studio_policy_help_step2_desc")
+										}),
+										/* @__PURE__ */ jsxs("ul", {
+											className: "list-disc pl-5 space-y-1 text-sm text-text-secondary dark:text-text-secondary-dark",
+											children: [
+												/* @__PURE__ */ jsxs("li", { children: [
+													/* @__PURE__ */ jsx("strong", { children: "public" }),
+													": ",
+													t("studio_policy_help_role_public")
+												] }),
+												/* @__PURE__ */ jsxs("li", { children: [
+													/* @__PURE__ */ jsx("strong", { children: "authenticated" }),
+													": ",
+													t("studio_policy_help_role_authenticated")
+												] }),
+												/* @__PURE__ */ jsxs("li", { children: [
+													/* @__PURE__ */ jsx("strong", { children: "anon" }),
+													": ",
+													t("studio_policy_help_role_anon")
+												] })
+											]
+										})
+									]
+								}),
+								/* @__PURE__ */ jsxs(Paper, {
+									className: cls("p-4 sm:p-5 flex flex-col gap-1", defaultBorderMixin),
+									children: [
+										/* @__PURE__ */ jsx(Typography, {
+											variant: "subtitle2",
+											className: "text-primary dark:text-primary-light font-medium",
+											children: t("studio_policy_help_step3_title")
+										}),
+										/* @__PURE__ */ jsx(Typography, {
+											variant: "body2",
+											className: "text-text-secondary dark:text-text-secondary-dark mb-1",
+											children: t("studio_policy_help_step3_desc")
+										}),
+										/* @__PURE__ */ jsx("div", {
+											className: cls("bg-surface-100 dark:bg-surface-950 px-3 py-2 rounded-md font-mono text-sm my-2", defaultBorderMixin),
+											children: "Example: auth.uid() = user_id"
+										}),
+										/* @__PURE__ */ jsx(Typography, {
+											variant: "caption",
+											className: "text-text-secondary dark:text-text-secondary-dark",
+											children: t("studio_policy_help_step3_example")
+										})
+									]
+								}),
+								/* @__PURE__ */ jsxs(Paper, {
+									className: cls("p-4 sm:p-5 flex flex-col gap-1", defaultBorderMixin),
+									children: [
+										/* @__PURE__ */ jsx(Typography, {
+											variant: "subtitle2",
+											className: "text-primary dark:text-primary-light font-medium",
+											children: t("studio_policy_help_step4_title")
+										}),
+										/* @__PURE__ */ jsx(Typography, {
+											variant: "body2",
+											className: "text-text-secondary dark:text-text-secondary-dark mb-1",
+											children: t("studio_policy_help_step4_desc")
+										}),
+										/* @__PURE__ */ jsx("div", {
+											className: cls("bg-surface-100 dark:bg-surface-950 px-3 py-2 rounded-md font-mono text-sm my-2", defaultBorderMixin),
+											children: "Example: auth.uid() = user_id"
+										}),
+										/* @__PURE__ */ jsx(Typography, {
+											variant: "caption",
+											className: "text-text-secondary dark:text-text-secondary-dark",
+											children: t("studio_policy_help_step4_example")
+										})
+									]
+								}),
+								/* @__PURE__ */ jsxs(Paper, {
+									className: cls("p-4 sm:p-5 flex flex-col gap-2 bg-primary/5 dark:bg-primary-bg-dark/10", defaultBorderMixin),
+									children: [
+										/* @__PURE__ */ jsx(Typography, {
+											variant: "subtitle2",
+											className: "text-primary dark:text-primary-light font-medium",
+											children: t("studio_policy_help_auth_vars_title")
+										}),
+										/* @__PURE__ */ jsx(Typography, {
+											variant: "body2",
+											className: "text-text-secondary dark:text-text-secondary-dark",
+											children: t("studio_policy_help_auth_vars_desc")
+										}),
+										/* @__PURE__ */ jsxs("ul", {
+											className: "list-disc pl-5 space-y-2 text-sm text-text-secondary dark:text-text-secondary-dark font-normal",
+											children: [
+												/* @__PURE__ */ jsxs("li", { children: [/* @__PURE__ */ jsx("code", {
+													className: "bg-surface-100 dark:bg-surface-950 px-1.5 py-0.5 rounded mr-1 whitespace-nowrap",
+													children: "auth.uid()"
+												}), /* @__PURE__ */ jsxs("span", {
+													className: "block mt-0.5",
+													children: ["Returns the current user's ID as text. Example: ", /* @__PURE__ */ jsx("code", {
+														className: "bg-surface-100 dark:bg-surface-950 px-1 py-0.5 rounded text-[11px]",
+														children: "auth.uid() = user_id"
+													})]
+												})] }),
+												/* @__PURE__ */ jsxs("li", { children: [/* @__PURE__ */ jsx("code", {
+													className: "bg-surface-100 dark:bg-surface-950 px-1.5 py-0.5 rounded mr-1 whitespace-nowrap",
+													children: "auth.jwt()"
+												}), /* @__PURE__ */ jsxs("span", {
+													className: "block mt-0.5",
+													children: ["Returns the full JWT payload as JSONB so you can check custom claims. Example: ", /* @__PURE__ */ jsx("code", {
+														className: "bg-surface-100 dark:bg-surface-950 px-1 py-0.5 rounded text-[11px]",
+														children: "auth.jwt() ->> 'email' = 'admin@example.com'"
+													})]
+												})] }),
+												/* @__PURE__ */ jsxs("li", { children: [/* @__PURE__ */ jsx("code", {
+													className: "bg-surface-100 dark:bg-surface-950 px-1.5 py-0.5 rounded mr-1 whitespace-nowrap",
+													children: "auth.roles()"
+												}), /* @__PURE__ */ jsxs("span", {
+													className: "block mt-0.5",
+													children: ["Returns the user's role IDs as a comma-separated string. Best used with: ", /* @__PURE__ */ jsx("code", {
+														className: "bg-surface-100 dark:bg-surface-950 px-1 py-0.5 rounded text-[11px]",
+														children: "string_to_array(auth.roles(), ',') @> ARRAY['admin']"
+													})]
+												})] })
+											]
+										})
+									]
+								})
+							]
+						}),
+						/* @__PURE__ */ jsxs("div", {
+							className: cls("mt-2 flex flex-col sm:flex-row justify-between items-start sm:items-center bg-primary/5 dark:bg-primary-bg-dark/10 p-4 rounded-xl border border-primary/10 dark:border-primary/20", defaultBorderMixin),
+							children: [/* @__PURE__ */ jsx(Typography, {
+								variant: "body2",
+								className: "text-primary dark:text-primary-light mb-4 sm:mb-0 max-w-md",
+								children: t("studio_policy_help_docs_cta")
+							}), /* @__PURE__ */ jsx(Button, {
+								component: "a",
+								href: "https://www.postgresql.org/docs/current/sql-createpolicy.html",
+								target: "_blank",
+								variant: "outlined",
+								color: "primary",
+								size: "small",
+								className: "whitespace-nowrap flex-shrink-0",
+								children: t("studio_policy_help_read_docs")
+							})]
+						})
+					]
+				}),
+				/* @__PURE__ */ jsx(DialogActions, {
+					className: "p-4 sm:px-6 sm:pb-6 pt-0 border-t-0",
+					children: /* @__PURE__ */ jsx(Button, {
+						onClick: () => setHelpOpen(false),
+						variant: "filled",
+						color: "primary",
+						children: t("studio_policy_help_got_it")
+					})
+				})
+			]
+		})
+	] });
+};
+//#endregion
+//#region src/components/RLSEditor/RLSEditor.tsx
+/**
+* Validates and double-quotes a SQL identifier to prevent injection.
+* Only allows safe Postgres identifiers (letters, digits, underscores).
+* Throws if the identifier contains unsafe characters.
+*/
+function sanitizeSqlIdentifier(name) {
+	if (!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(name)) throw new Error(`Invalid SQL identifier: "${name}". Only letters, digits, and underscores are allowed.`);
+	return `"${name}"`;
+}
+var RLSEditor = ({ apiUrl = "" }) => {
+	const { databaseAdmin } = useRebaseContext();
+	const snackbarController = useSnackbarController();
+	const collectionRegistry = useStudioCollectionRegistry();
+	const { t } = useTranslation();
+	const [isLoading, setIsLoading] = useState(true);
+	const [error, setError] = useState(null);
+	const [tables, setTables] = useState([]);
+	const [selectedTable, setSelectedTable] = useState(null);
+	const [activeTab, setActiveTab] = useState(0);
+	const [editingPolicy, setEditingPolicy] = useState(null);
+	const [sidebarSize, setSidebarSize] = useState(() => {
+		try {
+			const saved = localStorage.getItem("rebase_rls_editor_sidebar_size");
+			return saved !== null ? parseFloat(saved) : 20;
+		} catch (e) {
+			return 20;
+		}
+	});
+	const [expandedSchemas, setExpandedSchemas] = useState({ public: true });
+	const [sidebarTab, setSidebarTab] = useState("tables");
+	useEffect(() => {
+		try {
+			localStorage.setItem("rebase_rls_editor_sidebar_size", sidebarSize.toString());
+		} catch (e) {}
+	}, [sidebarSize]);
+	const fetchRLSData = useCallback(async () => {
+		if (!databaseAdmin?.executeSql) {
+			setError(t("studio_sql_sql_not_supported"));
+			setIsLoading(false);
+			return;
+		}
+		setIsLoading(true);
+		setError(null);
+		try {
+			const tablesResult = await databaseAdmin.executeSql(`
+                SELECT 
+                    schemaname, 
+                    tablename, 
+                    rowsecurity 
+                FROM pg_tables 
+                WHERE schemaname NOT IN ('information_schema', 'pg_catalog')
+                ORDER BY schemaname, tablename;
+            `);
+			const policiesResult = await databaseAdmin.executeSql(`
+                SELECT 
+                    schemaname,
+                    tablename,
+                    policyname,
+                    permissive,
+                    roles,
+                    cmd,
+                    qual,
+                    with_check
+                FROM pg_policies
+                WHERE schemaname NOT IN ('information_schema', 'pg_catalog');
+            `);
+			const extractRows = (result) => {
+				if (result && typeof result === "object" && "rows" in result && Array.isArray(result.rows)) return result.rows;
+				if (Array.isArray(result)) return result;
+				return [];
+			};
+			const tRows = extractRows(tablesResult);
+			const pRows = extractRows(policiesResult);
+			const tableMap = {};
+			tRows.forEach((tRow) => {
+				const t = tRow;
+				const schema = t.schemaname || t.SCHEMANAME || "public";
+				const table = t.tablename || t.TABLENAME || "";
+				const rlsEnabled = t.rowsecurity || t.ROWSECURITY || false;
+				const key = `${schema}.${table}`;
+				tableMap[key] = {
+					schemaName: schema,
+					tableName: table,
+					rlsEnabled,
+					policies: []
+				};
+			});
+			pRows.forEach((pRow) => {
+				const p = pRow;
+				const schema = p.schemaname || p.SCHEMANAME || "public";
+				const table = p.tablename || p.TABLENAME || "";
+				const key = `${schema}.${table}`;
+				if (tableMap[key]) {
+					let parsedRoles = [];
+					const r = p.roles || p.ROLES;
+					if (Array.isArray(r)) parsedRoles = r;
+					else if (typeof r === "string") parsedRoles = r.replace(/^{|}$/g, "").split(",").map((s) => s.trim());
+					tableMap[key].policies.push({
+						policyname: p.policyname || p.POLICYNAME || "",
+						tablename: table,
+						permissive: p.permissive || p.PERMISSIVE || "PERMISSIVE",
+						roles: parsedRoles,
+						cmd: p.cmd || p.CMD || "ALL",
+						qual: p.qual || p.QUAL || null,
+						with_check: p.with_check || p.WITH_CHECK || null
+					});
+				}
+			});
+			const sortedTables = Object.values(tableMap).sort((a, b) => a.tableName.localeCompare(b.tableName));
+			setTables(sortedTables);
+			if (sortedTables.length > 0 && !selectedTable) setSelectedTable(`${sortedTables[0].schemaName}.${sortedTables[0].tableName}`);
+		} catch (e) {
+			console.error("RLS fetch error:", e);
+			setError("Failed to fetch RLS policies: " + (e instanceof Error ? e.message : String(e)));
+		} finally {
+			setIsLoading(false);
+		}
+	}, [databaseAdmin, selectedTable]);
+	useEffect(() => {
+		setEditingPolicy(null);
+	}, [selectedTable]);
+	useEffect(() => {
+		fetchRLSData();
+	}, [fetchRLSData]);
+	const activeTableData = useMemo(() => {
+		if (!selectedTable) return null;
+		return tables.find((t) => `${t.schemaName}.${t.tableName}` === selectedTable) || null;
+	}, [selectedTable, tables]);
+	const groupedTables = useMemo(() => {
+		const groups = {};
+		tables.forEach((table) => {
+			if (!groups[table.schemaName]) groups[table.schemaName] = [];
+			groups[table.schemaName].push(table);
+		});
+		return groups;
+	}, [tables]);
+	const activeCollection = useMemo(() => {
+		if (!activeTableData) return null;
+		return collectionRegistry.collections?.find((c) => c.id === activeTableData.tableName || c.path === activeTableData.tableName || c.table === activeTableData.tableName || c.slug === activeTableData.tableName || c.collectionId === activeTableData.tableName) || null;
+	}, [activeTableData, collectionRegistry.collections]);
+	const mergedPolicies = useMemo(() => {
+		if (!activeTableData) return [];
+		const policiesMap = {};
+		(activeTableData.policies || []).forEach((p) => {
+			policiesMap[p.policyname] = {
+				...p,
+				status: "live"
+			};
+		});
+		if (activeCollection && isPostgresCollection(activeCollection) && activeCollection.securityRules) activeCollection.securityRules.forEach((rule) => {
+			const ruleName = rule.name;
+			if (!ruleName) return;
+			if (policiesMap[ruleName]) policiesMap[ruleName] = {
+				policyname: ruleName,
+				tablename: activeTableData.tableName,
+				permissive: (rule.mode || "permissive").toUpperCase(),
+				cmd: (rule.operation || "ALL").toUpperCase(),
+				roles: rule.roles || ["public"],
+				qual: rule.using || null,
+				with_check: rule.withCheck || null,
+				status: "both"
+			};
+			else policiesMap[ruleName] = {
+				policyname: ruleName,
+				tablename: activeTableData.tableName,
+				permissive: (rule.mode || "permissive").toUpperCase(),
+				cmd: (rule.operation || "ALL").toUpperCase(),
+				roles: rule.roles || ["public"],
+				qual: rule.using || null,
+				with_check: rule.withCheck || null,
+				status: "code_only"
+			};
+		});
+		return Object.values(policiesMap).sort((a, b) => a.policyname.localeCompare(b.policyname));
+	}, [activeTableData, activeCollection]);
+	const rlsStats = useMemo(() => {
+		return {
+			total: tables.length,
+			enabled: tables.filter((t) => t.rlsEnabled).length,
+			withPolicies: tables.filter((t) => t.policies.length > 0).length,
+			totalPolicies: tables.reduce((sum, t) => sum + t.policies.length, 0)
+		};
+	}, [tables]);
+	const renderPolicyTag = (label, value) => {
+		return /* @__PURE__ */ jsxs("div", {
+			className: "flex items-center gap-1.5 px-2 py-1 rounded-md bg-surface-100 dark:bg-surface-950 border border-surface-200 dark:border-surface-700/50",
+			children: [/* @__PURE__ */ jsxs("span", {
+				className: "text-[10px] uppercase text-text-secondary dark:text-text-secondary-dark font-medium tracking-wider",
+				children: [label, ":"]
+			}), /* @__PURE__ */ jsx("span", {
+				className: "font-mono text-xs text-text-primary dark:text-text-primary-dark break-all",
+				children: value
+			})]
+		});
+	};
+	return /* @__PURE__ */ jsx("div", {
+		className: "flex h-full w-full bg-white dark:bg-surface-950 overflow-hidden text-text-primary dark:text-text-primary-dark",
+		children: /* @__PURE__ */ jsx(ResizablePanels, {
+			orientation: "horizontal",
+			panelSizePercent: sidebarSize,
+			onPanelSizeChange: setSidebarSize,
+			minPanelSizePx: 220,
+			firstPanel: /* @__PURE__ */ jsxs("div", {
+				className: cls("flex flex-col h-full w-full bg-white dark:bg-surface-950 border-r", defaultBorderMixin),
+				children: [/* @__PURE__ */ jsxs(Tabs, {
+					value: sidebarTab,
+					onValueChange: (v) => setSidebarTab(v),
+					variant: "boxy",
+					className: "border-b border-surface-200 dark:border-surface-950",
+					children: [/* @__PURE__ */ jsx(Tab, {
+						value: "tables",
+						children: "Tables"
+					}), /* @__PURE__ */ jsx(Tab, {
+						value: "info",
+						children: "Info"
+					})]
+				}), /* @__PURE__ */ jsxs("div", {
+					className: "flex-grow overflow-hidden relative",
+					children: [sidebarTab === "tables" && /* @__PURE__ */ jsxs("div", {
+						className: "flex flex-col h-full",
+						children: [/* @__PURE__ */ jsxs("div", {
+							className: cls("flex items-center justify-between px-3 py-2 border-b bg-surface-50 dark:bg-surface-900 min-h-[48px]", defaultBorderMixin),
+							children: [/* @__PURE__ */ jsx(Typography, {
+								variant: "caption",
+								className: "font-bold uppercase tracking-wider text-text-disabled dark:text-text-disabled-dark",
+								children: t("studio_schema_tables")
+							}), /* @__PURE__ */ jsx(IconButton, {
+								size: "small",
+								onClick: fetchRLSData,
+								title: "Refresh",
+								children: /* @__PURE__ */ jsx(RefreshCwIcon, { size: iconSize.smallest })
+							})]
+						}), /* @__PURE__ */ jsx("div", {
+							className: "flex-grow overflow-y-auto no-scrollbar p-1",
+							children: isLoading && tables.length === 0 ? /* @__PURE__ */ jsx("div", {
+								className: "flex justify-center p-4",
+								children: /* @__PURE__ */ jsx(CircularProgress, { size: "small" })
+							}) : Object.keys(groupedTables).length === 0 ? /* @__PURE__ */ jsx("div", {
+								className: "p-4 text-center",
+								children: /* @__PURE__ */ jsx(Typography, {
+									variant: "caption",
+									className: "text-text-disabled dark:text-text-disabled-dark italic",
+									children: t("studio_rls_no_tables")
+								})
+							}) : Object.entries(groupedTables).map(([schemaName, schemaTables]) => /* @__PURE__ */ jsxs("div", {
+								className: "mb-2",
+								children: [/* @__PURE__ */ jsxs("div", {
+									className: "flex items-center p-1 cursor-pointer hover:bg-surface-100 dark:hover:bg-surface-950 rounded transition-colors",
+									onClick: () => setExpandedSchemas((prev) => ({
+										...prev,
+										[schemaName]: !prev[schemaName]
+									})),
+									children: [/* @__PURE__ */ jsx("svg", {
+										className: cls("w-3 h-3 mr-1 transition-transform", expandedSchemas[schemaName] ? "rotate-90" : ""),
+										fill: "currentColor",
+										viewBox: "0 0 20 20",
+										children: /* @__PURE__ */ jsx("path", { d: "M7.293 14.707a1 1 0 010-1.414L10.586 10 7.293 6.707a1 1 0 011.414-1.414l4 4a1 1 0 010 1.414l-4 4a1 1 0 01-1.414 0z" })
+									}), /* @__PURE__ */ jsx(Typography, {
+										variant: "body2",
+										className: "text-text-primary dark:text-text-primary-dark font-medium text-xs truncate flex-grow",
+										children: schemaName
+									})]
+								}), expandedSchemas[schemaName] && /* @__PURE__ */ jsx("div", {
+									className: "ml-3 mt-1 space-y-0.5",
+									children: schemaTables.map((table) => {
+										const key = `${table.schemaName}.${table.tableName}`;
+										return /* @__PURE__ */ jsxs("div", {
+											onClick: () => setSelectedTable(key),
+											className: cls("flex items-center p-1 cursor-pointer rounded transition-colors group relative", selectedTable === key ? "bg-primary/10 text-primary dark:bg-primary/20 dark:text-primary-light" : "hover:bg-surface-100 dark:hover:bg-surface-950 text-text-secondary dark:text-text-secondary-dark"),
+											children: [
+												/* @__PURE__ */ jsx("svg", {
+													className: "w-3.5 h-3.5 mr-1 shrink-0 text-text-disabled dark:text-text-disabled-dark",
+													fill: "none",
+													stroke: "currentColor",
+													viewBox: "0 0 24 24",
+													children: /* @__PURE__ */ jsx("path", {
+														strokeLinecap: "round",
+														strokeLinejoin: "round",
+														strokeWidth: 2,
+														d: "M3 10h18M3 14h18m-9-4v8m-7 0h14a2 2 0 002-2V8a2 2 0 00-2-2H5a2 2 0 00-2 2v10a2 2 0 002 2z"
+													})
+												}),
+												/* @__PURE__ */ jsx(Typography, {
+													variant: "body2",
+													className: "text-xs truncate flex-1 min-w-0",
+													children: table.tableName
+												}),
+												/* @__PURE__ */ jsxs("div", {
+													className: "flex items-center gap-1.5 shrink-0 ml-2",
+													children: [table.rlsEnabled ? /* @__PURE__ */ jsx(Tooltip, {
+														title: t("studio_rls_enabled"),
+														children: /* @__PURE__ */ jsx("div", { className: "w-1.5 h-1.5 rounded-full bg-green-500" })
+													}) : /* @__PURE__ */ jsx(Tooltip, {
+														title: t("studio_rls_disabled"),
+														children: /* @__PURE__ */ jsx("div", { className: "w-1.5 h-1.5 rounded-full bg-orange-400 opacity-50" })
+													}), /* @__PURE__ */ jsx("span", {
+														className: "text-[10px] opacity-40 group-hover:opacity-100 min-w-[1.2rem] text-right font-medium",
+														children: table.policies.length
+													})]
+												})
+											]
+										}, key);
+									})
+								})]
+							}, schemaName))
+						})]
+					}), sidebarTab === "info" && /* @__PURE__ */ jsxs("div", {
+						className: "flex flex-col h-full",
+						children: [/* @__PURE__ */ jsx("div", {
+							className: cls("flex items-center justify-between px-3 py-2 border-b bg-surface-50 dark:bg-surface-900 min-h-[48px]", defaultBorderMixin),
+							children: /* @__PURE__ */ jsx(Typography, {
+								variant: "caption",
+								className: "font-bold uppercase tracking-wider text-text-disabled dark:text-text-disabled-dark",
+								children: "Overview"
+							})
+						}), /* @__PURE__ */ jsxs("div", {
+							className: "flex-grow overflow-y-auto p-3 space-y-3 no-scrollbar",
+							children: [
+								/* @__PURE__ */ jsxs("div", {
+									className: cls("p-3 rounded-lg border bg-white dark:bg-surface-900", defaultBorderMixin),
+									children: [/* @__PURE__ */ jsxs("div", {
+										className: "flex items-center gap-2 mb-2",
+										children: [/* @__PURE__ */ jsx(ShieldIcon, {
+											size: iconSize.smallest,
+											className: "text-primary"
+										}), /* @__PURE__ */ jsx(Typography, {
+											variant: "body2",
+											className: "font-semibold text-[13px]",
+											children: "RLS Studio"
+										})]
+									}), /* @__PURE__ */ jsx(Typography, {
+										variant: "caption",
+										className: "text-text-secondary dark:text-text-secondary-dark text-[11px] leading-relaxed block",
+										children: "Manage Row Level Security policies for your PostgreSQL tables. Enable RLS and create fine-grained access policies."
+									})]
+								}),
+								/* @__PURE__ */ jsxs("div", {
+									className: "space-y-2",
+									children: [
+										/* @__PURE__ */ jsxs("div", {
+											className: cls("p-2.5 rounded border bg-white dark:bg-surface-900 flex items-center justify-between", defaultBorderMixin),
+											children: [/* @__PURE__ */ jsx(Typography, {
+												variant: "caption",
+												className: "text-text-secondary dark:text-text-secondary-dark text-[11px]",
+												children: "Total tables"
+											}), /* @__PURE__ */ jsx(Typography, {
+												variant: "body2",
+												className: "font-mono text-[13px] font-medium",
+												children: rlsStats.total
+											})]
+										}),
+										/* @__PURE__ */ jsxs("div", {
+											className: cls("p-2.5 rounded border bg-white dark:bg-surface-900 flex items-center justify-between", defaultBorderMixin),
+											children: [/* @__PURE__ */ jsx(Typography, {
+												variant: "caption",
+												className: "text-text-secondary dark:text-text-secondary-dark text-[11px]",
+												children: "RLS enabled"
+											}), /* @__PURE__ */ jsxs("div", {
+												className: "flex items-center gap-1.5",
+												children: [/* @__PURE__ */ jsx("div", { className: "w-1.5 h-1.5 rounded-full bg-green-500" }), /* @__PURE__ */ jsx(Typography, {
+													variant: "body2",
+													className: "font-mono text-[13px] font-medium",
+													children: rlsStats.enabled
+												})]
+											})]
+										}),
+										/* @__PURE__ */ jsxs("div", {
+											className: cls("p-2.5 rounded border bg-white dark:bg-surface-900 flex items-center justify-between", defaultBorderMixin),
+											children: [/* @__PURE__ */ jsx(Typography, {
+												variant: "caption",
+												className: "text-text-secondary dark:text-text-secondary-dark text-[11px]",
+												children: "Tables with policies"
+											}), /* @__PURE__ */ jsx(Typography, {
+												variant: "body2",
+												className: "font-mono text-[13px] font-medium",
+												children: rlsStats.withPolicies
+											})]
+										}),
+										/* @__PURE__ */ jsxs("div", {
+											className: cls("p-2.5 rounded border bg-white dark:bg-surface-900 flex items-center justify-between", defaultBorderMixin),
+											children: [/* @__PURE__ */ jsx(Typography, {
+												variant: "caption",
+												className: "text-text-secondary dark:text-text-secondary-dark text-[11px]",
+												children: "Total policies"
+											}), /* @__PURE__ */ jsx(Typography, {
+												variant: "body2",
+												className: "font-mono text-[13px] font-medium",
+												children: rlsStats.totalPolicies
+											})]
+										})
+									]
+								}),
+								rlsStats.total - rlsStats.enabled > 0 && /* @__PURE__ */ jsxs("div", {
+									className: cls("p-2.5 rounded border border-yellow-200 dark:border-yellow-900/50 bg-yellow-50 dark:bg-yellow-900/20 flex items-start gap-2", defaultBorderMixin),
+									children: [/* @__PURE__ */ jsx(AlertTriangleIcon, {
+										size: 14,
+										className: "text-yellow-600 dark:text-yellow-500 mt-0.5 shrink-0"
+									}), /* @__PURE__ */ jsxs("div", { children: [/* @__PURE__ */ jsxs(Typography, {
+										variant: "caption",
+										className: "text-yellow-800 dark:text-yellow-400 text-[11px] font-semibold block",
+										children: [
+											rlsStats.total - rlsStats.enabled,
+											" table",
+											rlsStats.total - rlsStats.enabled > 1 ? "s" : "",
+											" without RLS"
+										]
+									}), /* @__PURE__ */ jsx(Typography, {
+										variant: "caption",
+										className: "text-yellow-700 dark:text-yellow-600 text-[10px] block mt-0.5",
+										children: "These tables have no row-level access control. If auth enforcement is disabled, data may be publicly accessible."
+									})] })]
+								}),
+								rlsStats.enabled > 0 && rlsStats.enabled - rlsStats.withPolicies > 0 && /* @__PURE__ */ jsxs("div", {
+									className: cls("p-2.5 rounded border border-blue-200 dark:border-blue-900/50 bg-blue-50 dark:bg-blue-900/20 flex items-start gap-2", defaultBorderMixin),
+									children: [/* @__PURE__ */ jsx(ShieldIcon, {
+										size: 14,
+										className: "text-blue-600 dark:text-blue-400 mt-0.5 shrink-0"
+									}), /* @__PURE__ */ jsxs("div", { children: [/* @__PURE__ */ jsxs(Typography, {
+										variant: "caption",
+										className: "text-blue-800 dark:text-blue-300 text-[11px] font-semibold block",
+										children: [
+											rlsStats.enabled - rlsStats.withPolicies,
+											" table",
+											rlsStats.enabled - rlsStats.withPolicies > 1 ? "s" : "",
+											" with RLS but no policies"
+										]
+									}), /* @__PURE__ */ jsx(Typography, {
+										variant: "caption",
+										className: "text-blue-700 dark:text-blue-500 text-[10px] block mt-0.5",
+										children: "RLS is enabled but no permissive policies exist. All access is denied by default (Postgres deny-all)."
+									})] })]
+								})
+							]
+						})]
+					})]
+				})]
+			}),
+			secondPanel: /* @__PURE__ */ jsxs("div", {
+				className: "flex-grow flex flex-col min-w-0 h-full w-full bg-white dark:bg-surface-950",
+				children: [/* @__PURE__ */ jsxs("div", {
+					className: cls("flex items-center justify-between pr-2 border-b bg-white dark:bg-surface-950 min-h-[46px]", defaultBorderMixin),
+					children: [/* @__PURE__ */ jsxs("div", {
+						className: "flex items-center flex-grow overflow-hidden px-4",
+						children: [/* @__PURE__ */ jsx(Typography, {
+							variant: "subtitle2",
+							className: "font-mono text-text-secondary dark:text-text-secondary-dark truncate",
+							children: activeTableData ? `${activeTableData.schemaName}.${activeTableData.tableName}` : t("studio_rls_select_table")
+						}), activeTableData && /* @__PURE__ */ jsx("div", {
+							className: "ml-3",
+							children: activeTableData.rlsEnabled ? /* @__PURE__ */ jsx(Chip, {
+								size: "smallest",
+								className: "bg-green-100 text-green-800 dark:bg-green-900/30 dark:text-green-400 border-green-200 dark:border-green-800",
+								children: t("studio_rls_enabled")
+							}) : /* @__PURE__ */ jsx(Chip, {
+								size: "smallest",
+								className: "bg-yellow-100 text-yellow-800 dark:bg-yellow-900/30 dark:text-yellow-400 border-yellow-200 dark:border-yellow-800",
+								children: t("studio_rls_disabled")
+							})
+						})]
+					}), /* @__PURE__ */ jsx("div", {
+						className: "flex shrink-0 items-center justify-end gap-1.5",
+						children: activeTableData && /* @__PURE__ */ jsxs(Fragment, { children: [
+							/* @__PURE__ */ jsx(Button, {
+								variant: "text",
+								size: "small",
+								onClick: async () => {
+									const table = activeTableData.tableName;
+									const action = activeTableData.rlsEnabled ? "DISABLE" : "ENABLE";
+									if (!confirm(`Are you sure you want to ${action.toLowerCase()} Row Level Security on "${table}"?`)) return;
+									try {
+										await databaseAdmin.executeSql(`ALTER TABLE ${sanitizeSqlIdentifier(table)} ${action} ROW LEVEL SECURITY`);
+										snackbarController.open({
+											type: "success",
+											message: `RLS ${action.toLowerCase()}d on ${table}`
+										});
+										fetchRLSData();
+									} catch (e) {
+										snackbarController.open({
+											type: "error",
+											message: e instanceof Error ? e.message : String(e)
+										});
+									}
+								},
+								children: activeTableData.rlsEnabled ? t("studio_rls_disable_rls") : t("studio_rls_enable_rls")
+							}),
+							/* @__PURE__ */ jsx("div", { className: "h-4 w-px bg-surface-200 dark:bg-surface-950 mx-1" }),
+							/* @__PURE__ */ jsx(Button, {
+								variant: "text",
+								size: "small",
+								onClick: fetchRLSData,
+								startIcon: /* @__PURE__ */ jsx(RefreshCwIcon, { size: iconSize.smallest }),
+								children: "Refresh"
+							}),
+							/* @__PURE__ */ jsx("div", { className: "h-4 w-px bg-surface-200 dark:bg-surface-950 mx-1" }),
+							/* @__PURE__ */ jsx(Button, {
+								size: "small",
+								color: "primary",
+								disabled: !activeCollection,
+								onClick: () => setEditingPolicy("new"),
+								children: t("studio_rls_create_policy")
+							})
+						] })
+					})]
+				}), isLoading && !activeTableData ? /* @__PURE__ */ jsx("div", {
+					className: "flex-grow flex items-center justify-center h-full",
+					children: /* @__PURE__ */ jsx(CircularProgress, { size: "small" })
+				}) : error ? /* @__PURE__ */ jsx("div", {
+					className: "p-6 h-full flex items-center justify-center",
+					children: /* @__PURE__ */ jsx(ErrorView, {
+						title: t("studio_rls_error"),
+						error,
+						onRetry: fetchRLSData
+					})
+				}) : !activeTableData ? /* @__PURE__ */ jsx("div", {
+					className: "flex-grow flex items-center justify-center text-text-disabled h-full",
+					children: /* @__PURE__ */ jsxs("div", {
+						className: "text-center",
+						children: [/* @__PURE__ */ jsx("svg", {
+							className: "w-12 h-12 mx-auto mb-4 opacity-50",
+							fill: "none",
+							stroke: "currentColor",
+							viewBox: "0 0 24 24",
+							children: /* @__PURE__ */ jsx("path", {
+								strokeLinecap: "round",
+								strokeLinejoin: "round",
+								strokeWidth: 1,
+								d: "M12 15v2m-6 4h12a2 2 0 002-2v-6a2 2 0 00-2-2H6a2 2 0 00-2 2v6a2 2 0 002 2zm10-10V7a4 4 0 00-8 0v4h8z"
+							})
+						}), /* @__PURE__ */ jsx(Typography, {
+							variant: "body2",
+							children: t("studio_rls_select_table")
+						})]
+					})
+				}) : editingPolicy ? /* @__PURE__ */ jsx(PolicyEditor, {
+					policy: editingPolicy === "new" ? void 0 : editingPolicy,
+					schema: activeTableData.schemaName,
+					table: activeTableData.tableName,
+					onSave: async (newPolicy) => {
+						if (!activeCollection) return;
+						const rule = {
+							name: newPolicy.policyname,
+							operation: newPolicy.cmd?.toLowerCase(),
+							mode: newPolicy.permissive?.toLowerCase(),
+							using: newPolicy.qual || void 0,
+							withCheck: newPolicy.with_check || void 0,
+							roles: newPolicy.roles
+						};
+						const existingRules = (isPostgresCollection(activeCollection) ? activeCollection.securityRules : void 0) || [];
+						let newRules;
+						if (editingPolicy === "new") newRules = [...existingRules, rule];
+						else newRules = existingRules.map((r) => r.name === editingPolicy.policyname ? rule : r);
+						try {
+							if (!(await fetch(`${apiUrl}/api/schema-editor/collection/save`, {
+								method: "POST",
+								headers: { "Content-Type": "application/json" },
+								body: JSON.stringify({
+									collectionId: activeCollection.id || activeCollection.path || activeCollection.alias || activeTableData.tableName,
+									collectionData: { securityRules: newRules }
+								})
+							})).ok) throw new Error("Failed to save policy");
+							snackbarController.open({
+								type: "success",
+								message: "Policy saved successfully"
+							});
+							setEditingPolicy(null);
+							fetchRLSData();
+						} catch (e) {
+							snackbarController.open({
+								type: "error",
+								message: e instanceof Error ? e.message : String(e)
+							});
+						}
+					},
+					onCancel: () => setEditingPolicy(null)
+				}) : /* @__PURE__ */ jsx("div", {
+					className: "flex-grow flex flex-col overflow-hidden",
+					children: /* @__PURE__ */ jsx("div", {
+						className: "p-6 pt-4 flex-grow overflow-auto bg-surface-50 dark:bg-surface-900",
+						children: /* @__PURE__ */ jsxs("div", {
+							className: "max-w-4xl mx-auto flex flex-col gap-6",
+							children: [
+								activeTableData && !activeCollection && /* @__PURE__ */ jsxs(Alert, {
+									color: "warning",
+									children: [/* @__PURE__ */ jsx(Typography, {
+										variant: "body2",
+										className: "mb-1",
+										children: "Table not managed by Rebase"
+									}), /* @__PURE__ */ jsx(Typography, {
+										variant: "caption",
+										className: "opacity-80",
+										children: "This table is not mapped to a Rebase Schema via code. To edit security policies visually, you must first import this table into a Schema configuration file."
+									})]
+								}),
+								activeTableData && !activeTableData.rlsEnabled && /* @__PURE__ */ jsxs("div", {
+									className: cls("p-4 sm:p-5 bg-yellow-50 dark:bg-yellow-900/20 border border-yellow-200 dark:border-yellow-900/50 rounded-lg flex flex-col sm:flex-row gap-4 items-start sm:items-center justify-between", defaultBorderMixin),
+									children: [/* @__PURE__ */ jsxs("div", {
+										className: "flex gap-3 items-start",
+										children: [/* @__PURE__ */ jsx("div", {
+											className: "mt-1 bg-yellow-100 dark:bg-yellow-900/50 p-1.5 rounded-md shrink-0 flex items-center justify-center",
+											children: /* @__PURE__ */ jsx(AlertTriangleIcon, { size: iconSize.smallest })
+										}), /* @__PURE__ */ jsxs("div", { children: [/* @__PURE__ */ jsx(Typography, {
+											variant: "subtitle2",
+											className: "text-yellow-800 dark:text-yellow-500",
+											children: "Row Level Security (RLS) is disabled"
+										}), /* @__PURE__ */ jsx(Typography, {
+											variant: "body2",
+											className: "text-yellow-700 dark:text-yellow-600/90 mt-1 max-w-2xl",
+											children: "Your table is completely readable and writable by anyone with access privileges. Enable RLS to create policies that restrict access to specific rows."
+										})] })]
+									}), /* @__PURE__ */ jsx(Button, {
+										size: "medium",
+										variant: "filled",
+										color: "neutral",
+										onClick: () => setEditingPolicy("new"),
+										className: "shrink-0 whitespace-nowrap",
+										disabled: !activeCollection,
+										children: t("studio_rls_create_policy")
+									})]
+								}),
+								activeTableData && mergedPolicies && mergedPolicies.length > 0 && /* @__PURE__ */ jsxs("div", {
+									className: "flex flex-col gap-3",
+									children: [/* @__PURE__ */ jsx(Typography, {
+										variant: "subtitle2",
+										className: "text-text-secondary dark:text-text-secondary-dark uppercase tracking-wider mb-1",
+										children: t("studio_rls_policies")
+									}), mergedPolicies.map((policy) => /* @__PURE__ */ jsxs(Paper, {
+										className: cls("p-3 sm:px-4 sm:py-3 flex flex-col sm:flex-row sm:items-center justify-between gap-4 border rounded-lg", defaultBorderMixin),
+										children: [/* @__PURE__ */ jsxs("div", {
+											className: "flex flex-col gap-2 min-w-0",
+											children: [/* @__PURE__ */ jsxs("div", {
+												className: "flex items-center gap-2",
+												children: [
+													/* @__PURE__ */ jsx(KeyIcon, {
+														size: iconSize.smallest,
+														className: "text-text-secondary dark:text-text-secondary-dark shrink-0"
+													}),
+													/* @__PURE__ */ jsx(Typography, {
+														variant: "body2",
+														className: "truncate",
+														children: policy.policyname
+													}),
+													policy.status === "code_only" && /* @__PURE__ */ jsx(Tooltip, {
+														title: "This policy is defined in your code but hasn't been applied to the database yet.",
+														children: /* @__PURE__ */ jsx("div", {
+															className: "px-1.5 py-0.5 rounded text-[10px] uppercase bg-primary/10 text-primary border border-primary/20 shrink-0",
+															children: "Unapplied"
+														})
+													}),
+													policy.status === "live" && /* @__PURE__ */ jsx(Tooltip, {
+														title: "This policy is live in the database but missing from your codebase schema.",
+														children: /* @__PURE__ */ jsx("div", {
+															className: "px-1.5 py-0.5 rounded text-[10px] uppercase bg-orange-500/10 text-orange-600 border border-orange-500/20 shrink-0",
+															children: "DB Only"
+														})
+													})
+												]
+											}), /* @__PURE__ */ jsxs("div", {
+												className: "flex flex-wrap gap-1.5 text-sm",
+												children: [renderPolicyTag("Action", policy.cmd), renderPolicyTag("Roles", Array.isArray(policy.roles) ? policy.roles.join(", ") : policy.roles)]
+											})]
+										}), /* @__PURE__ */ jsxs("div", {
+											className: "flex gap-2 shrink-0 items-center",
+											children: [
+												policy.status === "live" && activeCollection && /* @__PURE__ */ jsx(Button, {
+													size: "small",
+													variant: "outlined",
+													color: "primary",
+													onClick: async () => {
+														const rule = {
+															name: policy.policyname,
+															operation: policy.cmd?.toLowerCase(),
+															mode: policy.permissive?.toLowerCase(),
+															using: policy.qual || void 0,
+															withCheck: policy.with_check || void 0,
+															roles: policy.roles
+														};
+														const newRules = [...(isPostgresCollection(activeCollection) ? activeCollection.securityRules : void 0) || [], rule];
+														try {
+															if (!(await fetch(`${apiUrl}/api/schema-editor/collection/save`, {
+																method: "POST",
+																headers: { "Content-Type": "application/json" },
+																body: JSON.stringify({
+																	collectionId: activeCollection.id || activeCollection.path || activeCollection.alias || activeTableData.tableName,
+																	collectionData: { securityRules: newRules }
+																})
+															})).ok) throw new Error("Failed to save policy");
+															snackbarController.open({
+																type: "success",
+																message: "Policy imported successfully"
+															});
+															fetchRLSData();
+														} catch (e) {
+															snackbarController.open({
+																type: "error",
+																message: e instanceof Error ? e.message : String(e)
+															});
+														}
+													},
+													children: "Import to codebase"
+												}),
+												/* @__PURE__ */ jsx(Button, {
+													size: "small",
+													variant: "text",
+													color: "primary",
+													onClick: () => setEditingPolicy(policy),
+													disabled: !activeCollection,
+													children: t("studio_rls_edit")
+												}),
+												policy.status !== "code_only" && /* @__PURE__ */ jsx(Tooltip, {
+													title: t("studio_rls_delete"),
+													asChild: true,
+													children: /* @__PURE__ */ jsx(IconButton, {
+														size: "small",
+														onClick: async () => {
+															const table = activeTableData.tableName;
+															if (!confirm(`Drop policy "${policy.policyname}" from table "${table}"?`)) return;
+															try {
+																await databaseAdmin.executeSql(`DROP POLICY ${sanitizeSqlIdentifier(policy.policyname)} ON ${sanitizeSqlIdentifier(table)}`);
+																snackbarController.open({
+																	type: "success",
+																	message: `Policy "${policy.policyname}" dropped`
+																});
+																fetchRLSData();
+															} catch (e) {
+																snackbarController.open({
+																	type: "error",
+																	message: e instanceof Error ? e.message : String(e)
+																});
+															}
+														},
+														children: /* @__PURE__ */ jsx(Trash2Icon, { size: iconSize.smallest })
+													})
+												})
+											]
+										})]
+									}, policy.policyname))]
+								}),
+								activeTableData && mergedPolicies.length === 0 && activeTableData.rlsEnabled && /* @__PURE__ */ jsxs("div", {
+									className: "flex flex-col items-center justify-center py-12 text-center",
+									children: [
+										/* @__PURE__ */ jsx(ShieldIcon, {
+											size: 40,
+											className: "text-surface-300 dark:text-surface-600 mb-4"
+										}),
+										/* @__PURE__ */ jsx(Typography, {
+											variant: "subtitle2",
+											className: "text-text-secondary dark:text-text-secondary-dark mb-2",
+											children: "No policies defined"
+										}),
+										/* @__PURE__ */ jsx(Typography, {
+											variant: "caption",
+											className: "text-text-disabled dark:text-text-disabled-dark max-w-sm mb-4",
+											children: "RLS is enabled on this table but no policies exist. All access is denied by default (Postgres deny-all). Create a policy to allow specific access."
+										}),
+										activeCollection && /* @__PURE__ */ jsx(Button, {
+											size: "small",
+											variant: "filled",
+											color: "primary",
+											onClick: () => setEditingPolicy("new"),
+											children: t("studio_rls_create_policy")
+										})
+									]
+								}),
+								activeTableData && mergedPolicies.length === 0 && !activeTableData.rlsEnabled && activeCollection && /* @__PURE__ */ jsxs("div", {
+									className: "flex flex-col items-center justify-center py-12 text-center",
+									children: [
+										/* @__PURE__ */ jsx(AlertTriangleIcon, {
+											size: 40,
+											className: "text-yellow-400 dark:text-yellow-600 mb-4"
+										}),
+										/* @__PURE__ */ jsx(Typography, {
+											variant: "subtitle2",
+											className: "text-text-secondary dark:text-text-secondary-dark mb-2",
+											children: "No access control"
+										}),
+										/* @__PURE__ */ jsx(Typography, {
+											variant: "caption",
+											className: "text-text-disabled dark:text-text-disabled-dark max-w-sm",
+											children: "This table has neither RLS nor policies. Enable RLS and create policies to restrict row-level access."
+										})
+									]
+								})
+							]
+						})
+					})
+				})]
+			})
+		})
+	});
+};
+//#endregion
+export { RLSEditor };
+
+//# sourceMappingURL=RLSEditor-DpF1u9EC.js.map