43 lines
1004 B
SQL
43 lines
1004 B
SQL
|
|
-- Add RLS policies for admin to manage tours
|
|
-- Drop existing policies if they exist
|
|
DROP POLICY IF EXISTS "admin_can_insert_tours" ON tours;
|
|
DROP POLICY IF EXISTS "admin_can_update_tours" ON tours;
|
|
DROP POLICY IF EXISTS "admin_can_delete_tours" ON tours;
|
|
|
|
-- Allow admins to insert tours
|
|
CREATE POLICY "admin_can_insert_tours" ON tours
|
|
FOR INSERT
|
|
TO authenticated
|
|
WITH CHECK (
|
|
EXISTS (
|
|
SELECT 1 FROM profiles
|
|
WHERE profiles.id = auth.uid()
|
|
AND profiles.role = 'admin'
|
|
)
|
|
);
|
|
|
|
-- Allow admins to update tours
|
|
CREATE POLICY "admin_can_update_tours" ON tours
|
|
FOR UPDATE
|
|
TO authenticated
|
|
USING (
|
|
EXISTS (
|
|
SELECT 1 FROM profiles
|
|
WHERE profiles.id = auth.uid()
|
|
AND profiles.role = 'admin'
|
|
)
|
|
);
|
|
|
|
-- Allow admins to delete tours
|
|
CREATE POLICY "admin_can_delete_tours" ON tours
|
|
FOR DELETE
|
|
TO authenticated
|
|
USING (
|
|
EXISTS (
|
|
SELECT 1 FROM profiles
|
|
WHERE profiles.id = auth.uid()
|
|
AND profiles.role = 'admin'
|
|
)
|
|
);
|