Hugging Face's logo

Spaces:
RaiffsBits
/
pidrio
Running

App Files Community
pidrio
File size: 2,129 Bytes 
43172ae
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
 
/*
  # Storage and RLS Policy Setup

  1. Changes
    - Create storage bucket policies for file access
    - Create table policies for file management
    - Enable RLS on codette_files table
  
  2. Security
    - Authenticated users can read files
    - Admin users can upload files
    - RLS enabled on codette_files table
*/

-- Create storage bucket if it doesn't exist
DO $$
BEGIN
    INSERT INTO storage.buckets (id, name)
    VALUES ('codette-files', 'codette-files')
    ON CONFLICT (id) DO NOTHING;
END $$;

-- Storage Policies
DO $$
BEGIN
    -- Drop existing policies to avoid conflicts
    DROP POLICY IF EXISTS "Allow authenticated users to read files" ON storage.objects;
    DROP POLICY IF EXISTS "Allow admin users to upload files" ON storage.objects;
    
    -- Create new storage policies
    CREATE POLICY "Allow authenticated users to read files"
    ON storage.objects FOR SELECT
    TO authenticated
    USING (bucket_id = 'codette-files');

    CREATE POLICY "Allow admin users to upload files"
    ON storage.objects FOR INSERT
    TO authenticated
    WITH CHECK (
        bucket_id = 'codette-files' 
        AND (auth.jwt() ->> 'role' = 'admin')
    );
END $$;

-- File Management Table Policies
DO $$
BEGIN
    -- Drop existing policies to avoid conflicts
    DROP POLICY IF EXISTS "Allow authenticated users to read files" ON public.codette_files;
    DROP POLICY IF EXISTS "Allow admin users to insert files" ON public.codette_files;
    DROP POLICY IF EXISTS "Allow authenticated users to insert files" ON public.codette_files;
    
    -- Create new table policies
    CREATE POLICY "Allow authenticated users to read files"
    ON public.codette_files FOR SELECT
    TO authenticated
    USING (true);

    CREATE POLICY "Allow admin users to insert files"
    ON public.codette_files FOR INSERT
    TO authenticated
    WITH CHECK (auth.jwt() ->> 'role' = 'admin');

    CREATE POLICY "Allow authenticated users to insert files"
    ON public.codette_files FOR INSERT
    TO authenticated
    WITH CHECK (true);
END $$;

-- Enable RLS
ALTER TABLE public.codette_files ENABLE ROW LEVEL SECURITY;