fix(storage): split_part statt storage.foldername in Policies
Die Storage-API droppt/erstellt storage.foldername() bei ihren Boot-
Migrations neu. Policies, die davon abhingen, blockierten den Drop
('cannot drop function foldername') und schickten die Storage-API in
eine Crash-Loop. split_part(name,'/',1) liefert dieselbe erste
Pfad-Komponente (studio_id) ohne diese Kopplung.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
@@ -26,34 +26,40 @@ on conflict (id) do nothing;
|
|||||||
-- RLS-Policies auf storage.objects
|
-- RLS-Policies auf storage.objects
|
||||||
-- ────────────────────────────────────────────────────────────────────────────
|
-- ────────────────────────────────────────────────────────────────────────────
|
||||||
-- Prinzip: erste Pfad-Komponente ist studio_id; Zugriff nur wenn Member.
|
-- Prinzip: erste Pfad-Komponente ist studio_id; Zugriff nur wenn Member.
|
||||||
-- `(storage.foldername(name))[1]` gibt die erste Pfad-Komponente zurück.
|
-- `split_part(name, '/', 1)` gibt die erste Pfad-Komponente zurück.
|
||||||
|
--
|
||||||
|
-- Bewusst NICHT storage.foldername() benutzen: die Storage-API droppt/erstellt
|
||||||
|
-- diese Funktion bei ihren eigenen Boot-Migrations neu. Eine Policy-Abhängigkeit
|
||||||
|
-- darauf würde diesen Drop blockieren ("cannot drop function foldername") und
|
||||||
|
-- die Storage-API in eine Crash-Loop schicken. split_part ist ein eingebautes
|
||||||
|
-- Postgres-Builtin ohne diese Kopplung.
|
||||||
|
|
||||||
create policy "rapport_storage_read"
|
create policy "rapport_storage_read"
|
||||||
on storage.objects for select
|
on storage.objects for select
|
||||||
using (
|
using (
|
||||||
bucket_id in ('receipts','logos')
|
bucket_id in ('receipts','logos')
|
||||||
and is_studio_member( (storage.foldername(name))[1]::uuid )
|
and is_studio_member( split_part(name, '/', 1)::uuid )
|
||||||
);
|
);
|
||||||
|
|
||||||
create policy "rapport_storage_insert"
|
create policy "rapport_storage_insert"
|
||||||
on storage.objects for insert
|
on storage.objects for insert
|
||||||
with check (
|
with check (
|
||||||
bucket_id in ('receipts','logos')
|
bucket_id in ('receipts','logos')
|
||||||
and is_studio_member( (storage.foldername(name))[1]::uuid )
|
and is_studio_member( split_part(name, '/', 1)::uuid )
|
||||||
);
|
);
|
||||||
|
|
||||||
create policy "rapport_storage_update"
|
create policy "rapport_storage_update"
|
||||||
on storage.objects for update
|
on storage.objects for update
|
||||||
using (
|
using (
|
||||||
bucket_id in ('receipts','logos')
|
bucket_id in ('receipts','logos')
|
||||||
and is_studio_member( (storage.foldername(name))[1]::uuid )
|
and is_studio_member( split_part(name, '/', 1)::uuid )
|
||||||
);
|
);
|
||||||
|
|
||||||
create policy "rapport_storage_delete"
|
create policy "rapport_storage_delete"
|
||||||
on storage.objects for delete
|
on storage.objects for delete
|
||||||
using (
|
using (
|
||||||
bucket_id in ('receipts','logos')
|
bucket_id in ('receipts','logos')
|
||||||
and is_studio_member( (storage.foldername(name))[1]::uuid )
|
and is_studio_member( split_part(name, '/', 1)::uuid )
|
||||||
);
|
);
|
||||||
|
|
||||||
-- ────────────────────────────────────────────────────────────────────────────
|
-- ────────────────────────────────────────────────────────────────────────────
|
||||||
|
|||||||
Reference in New Issue
Block a user