From ece12394dcfcdee519ded82a3fd0847620e8401b Mon Sep 17 00:00:00 2001 From: Marc-Antoine Parent Date: Fri, 5 Jun 2026 11:18:52 -0400 Subject: [PATCH] eng-1837-add-public-status-in-db --- .../20260605142437_public_resource_access.sql | 19 +++++++++++++++++++ .../database/supabase/schemas/account.sql | 5 +++++ .../database/supabase/schemas/concept.sql | 1 + .../database/supabase/schemas/content.sql | 3 +++ 4 files changed, 28 insertions(+) create mode 100644 packages/database/supabase/migrations/20260605142437_public_resource_access.sql diff --git a/packages/database/supabase/migrations/20260605142437_public_resource_access.sql b/packages/database/supabase/migrations/20260605142437_public_resource_access.sql new file mode 100644 index 000000000..b88a5e171 --- /dev/null +++ b/packages/database/supabase/migrations/20260605142437_public_resource_access.sql @@ -0,0 +1,19 @@ +CREATE OR REPLACE FUNCTION public.my_user_accounts() RETURNS SETOF UUID +STABLE SECURITY DEFINER +SET search_path = '' +LANGUAGE sql +AS $$ + SELECT auth.uid() WHERE auth.uid() IS NOT NULL UNION + SELECT '00000000-0000-0000-0000-000000000000'::uuid UNION + SELECT group_id FROM public.group_membership + WHERE member_id = auth.uid(); +$$; + + +GRANT SELECT ON TABLE public."ResourceAccess" TO anon; +GRANT SELECT ON TABLE public."Document" TO anon; +GRANT SELECT ON TABLE public."Content" TO anon; +GRANT SELECT ON TABLE public."Concept" TO anon; + +INSERT INTO auth.users (instance_id, id, aud, role, created_at, updated_at, is_super_admin, is_anonymous) +VALUES ('00000000-0000-0000-0000-000000000000', '00000000-0000-0000-0000-000000000000', 'anon', 'anon', now(), now(), false, true); diff --git a/packages/database/supabase/schemas/account.sql b/packages/database/supabase/schemas/account.sql index 73b59baf4..a10a52947 100644 --- a/packages/database/supabase/schemas/account.sql +++ b/packages/database/supabase/schemas/account.sql @@ -1,3 +1,7 @@ +-- Anonymous pseudo-user +INSERT INTO auth.users (instance_id, id, aud, role, created_at, updated_at, is_super_admin, is_anonymous) +VALUES ('00000000-0000-0000-0000-000000000000', '00000000-0000-0000-0000-000000000000', 'anon', 'anon', now(), now(), false, true); + CREATE TYPE public."AgentType" AS ENUM ( 'person', 'organization', @@ -219,6 +223,7 @@ SET search_path = '' LANGUAGE sql AS $$ SELECT auth.uid() WHERE auth.uid() IS NOT NULL UNION + SELECT '00000000-0000-0000-0000-000000000000'::uuid UNION SELECT group_id FROM public.group_membership WHERE member_id = auth.uid(); $$; diff --git a/packages/database/supabase/schemas/concept.sql b/packages/database/supabase/schemas/concept.sql index ade37cdbf..c0bcd932e 100644 --- a/packages/database/supabase/schemas/concept.sql +++ b/packages/database/supabase/schemas/concept.sql @@ -106,6 +106,7 @@ ADD CONSTRAINT "Concept_space_id_fkey" FOREIGN KEY ( REVOKE ALL ON TABLE public."Concept" FROM anon; +GRANT SELECT ON TABLE public."Concept" TO anon; GRANT ALL ON TABLE public."Concept" TO authenticated; GRANT ALL ON TABLE public."Concept" TO service_role; diff --git a/packages/database/supabase/schemas/content.sql b/packages/database/supabase/schemas/content.sql index 98f18f179..ae75b41c4 100644 --- a/packages/database/supabase/schemas/content.sql +++ b/packages/database/supabase/schemas/content.sql @@ -183,12 +183,15 @@ CREATE INDEX resource_access_content_local_id_idx ON public."ResourceAccess" (so GRANT ALL ON TABLE public."ResourceAccess" TO authenticated; GRANT ALL ON TABLE public."ResourceAccess" TO service_role; REVOKE ALL ON TABLE public."ResourceAccess" FROM anon; +GRANT SELECT ON TABLE public."ResourceAccess" TO anon; REVOKE ALL ON TABLE public."Document" FROM anon; +GRANT SELECT ON TABLE public."Document" TO anon; GRANT ALL ON TABLE public."Document" TO authenticated; GRANT ALL ON TABLE public."Document" TO service_role; REVOKE ALL ON TABLE public."Content" FROM anon; +GRANT SELECT ON TABLE public."Content" TO anon; GRANT ALL ON TABLE public."Content" TO authenticated; GRANT ALL ON TABLE public."Content" TO service_role;