Update localization texts, add permissions check, and seed data
This commit removes the membersTabDescription, updates the deleteAccountDescription text in the localization files, and adds a permissions check to the account invitation component. It also adds test credentials to the README and provides a significant amount of seed data for testing the database.
@@ -104,7 +104,7 @@ create type public.payment_status as ENUM(
|
||||
|
||||
/*
|
||||
* Billing Provider
|
||||
- We create the billing provider for the Supabase MakerKit. These providers are used to manage the billing provider for the accounts and organizations
|
||||
- We create the billing provider for the Supabase MakerKit. These providers are used to manage the billing provider for the accounts
|
||||
- The providers are 'stripe', 'lemon-squeezy', and 'paddle'.
|
||||
- You can add more providers as needed.
|
||||
*/
|
||||
@@ -268,7 +268,7 @@ grant execute on function public.is_set(text) to authenticated;
|
||||
/*
|
||||
* -------------------------------------------------------
|
||||
* Section: Accounts
|
||||
* We create the schema for the accounts. Accounts are the top level entity in the Supabase MakerKit. They can be organizations or personal accounts.
|
||||
* We create the schema for the accounts. Accounts are the top level entity in the Supabase MakerKit. They can be team or personal accounts.
|
||||
* -------------------------------------------------------
|
||||
*/
|
||||
-- Accounts table
|
||||
@@ -289,7 +289,7 @@ create table if not exists public.accounts(
|
||||
primary key (id)
|
||||
);
|
||||
|
||||
comment on table public.accounts is 'Accounts are the top level entity in the Supabase MakerKit. They can be organizations or personal accounts.';
|
||||
comment on table public.accounts is 'Accounts are the top level entity in the Supabase MakerKit. They can be team or personal accounts.';
|
||||
|
||||
comment on column public.accounts.is_personal_account is 'Whether the account is a personal account or not';
|
||||
|
||||
@@ -299,7 +299,7 @@ comment on column public.accounts.slug is 'The slug of the account';
|
||||
|
||||
comment on column public.accounts.primary_owner_user_id is 'The primary owner of the account';
|
||||
|
||||
comment on column public.accounts.email is 'The email of the account. For organizations, this is the email of the organization (if any)';
|
||||
comment on column public.accounts.email is 'The email of the account. For teams, this is the email of the team (if any)';
|
||||
|
||||
-- Enable RLS on the accounts table
|
||||
alter table "public"."accounts" enable row level security;
|
||||
@@ -774,41 +774,6 @@ create policy accounts_team_read on public.accounts
|
||||
where
|
||||
public.is_team_member(membership.account_id, id)));
|
||||
|
||||
/*
|
||||
* -------------------------------------------------------
|
||||
* Section: Account Roles
|
||||
* We create the schema for the account roles. Account roles are the roles for an account.
|
||||
* -------------------------------------------------------
|
||||
*/
|
||||
-- Account Roles table
|
||||
create table public.account_roles(
|
||||
id bigint generated by default as identity primary key,
|
||||
account_id uuid references public.accounts(id) on delete cascade not null,
|
||||
role varchar(50) references public.roles(name) not null,
|
||||
unique (account_id, role)
|
||||
);
|
||||
|
||||
comment on table public.account_roles is 'The roles for an account';
|
||||
|
||||
comment on column public.account_roles.account_id is 'The account the role is for';
|
||||
|
||||
comment on column public.account_roles.role is 'The role for the account';
|
||||
|
||||
-- Open up access to account roles
|
||||
grant select, insert, update, delete on table public.account_roles to
|
||||
authenticated, service_role;
|
||||
|
||||
-- Enable RLS on the account_roles table
|
||||
alter table public.account_roles enable row level security;
|
||||
|
||||
-- RLS
|
||||
-- SELECT: Users can read account roles of an account they are a
|
||||
-- member of
|
||||
create policy account_roles_read_self on public.account_roles
|
||||
for select to authenticated
|
||||
using (has_role_on_account(account_id));
|
||||
|
||||
|
||||
/*
|
||||
* -------------------------------------------------------
|
||||
* Section: Role Permissions
|
||||
@@ -948,7 +913,8 @@ create table if not exists public.invitations(
|
||||
created_at timestamptz default current_timestamp not null,
|
||||
updated_at timestamptz default current_timestamp not null,
|
||||
expires_at timestamptz default current_timestamp + interval
|
||||
'7 days' not null
|
||||
'7 days' not null,
|
||||
unique(email, account_id)
|
||||
);
|
||||
|
||||
comment on table public.invitations is 'The invitations for an account';
|
||||
@@ -961,6 +927,10 @@ comment on column public.invitations.role is 'The role for the invitation';
|
||||
|
||||
comment on column public.invitations.invite_token is 'The token for the invitation';
|
||||
|
||||
comment on column public.invitations.expires_at is 'The expiry date for the invitation';
|
||||
|
||||
comment on column public.invitations.email is 'The email of the user being invited';
|
||||
|
||||
-- Open up access to invitations table for authenticated users and
|
||||
-- service_role
|
||||
grant select, insert, update, delete on table public.invitations to
|
||||
@@ -969,7 +939,7 @@ grant select, insert, update, delete on table public.invitations to
|
||||
-- Enable RLS on the invitations table
|
||||
alter table public.invitations enable row level security;
|
||||
|
||||
create or replace function check_organization_account()
|
||||
create or replace function check_team_account()
|
||||
returns trigger
|
||||
as $$
|
||||
begin
|
||||
@@ -980,7 +950,7 @@ begin
|
||||
public.accounts
|
||||
where
|
||||
id = new.account_id) then
|
||||
raise exception 'Account must be an organization account';
|
||||
raise exception 'Account must be an team account';
|
||||
|
||||
end if;
|
||||
|
||||
@@ -991,9 +961,9 @@ end;
|
||||
$$
|
||||
language plpgsql;
|
||||
|
||||
create trigger only_organization_accounts_check
|
||||
create trigger only_team_accounts_check
|
||||
before insert or update on public.invitations for each row
|
||||
execute procedure check_organization_account();
|
||||
execute procedure check_team_account();
|
||||
|
||||
-- RLS
|
||||
-- SELECT: Users can read invitations to users of an account they
|
||||
@@ -1108,6 +1078,8 @@ comment on column public.billing_customers.provider is 'The provider of the bill
|
||||
|
||||
comment on column public.billing_customers.customer_id is 'The customer ID for the billing customer';
|
||||
|
||||
comment on column public.billing_customers.email is 'The email of the billing customer';
|
||||
|
||||
-- Open up access to billing_customers table for authenticated users
|
||||
-- and service_role
|
||||
grant select, insert, update, delete on table
|
||||
@@ -1172,6 +1144,11 @@ comment on column public.subscriptions.trial_starts_at is 'The start of the tria
|
||||
|
||||
comment on column public.subscriptions.trial_ends_at is 'The end of the trial period for the subscription';
|
||||
|
||||
comment on column public.subscriptions.active is 'Whether the subscription is active';
|
||||
|
||||
comment on column public.subscriptions.billing_customer_id is 'The billing customer ID for the subscription';
|
||||
|
||||
|
||||
-- Open up access to subscriptions table for authenticated users and
|
||||
-- service_role
|
||||
grant select, insert, update, delete on table public.subscriptions to
|
||||
@@ -1403,8 +1380,21 @@ create table if not exists public.orders(
|
||||
updated_at timestamptz not null default current_timestamp
|
||||
);
|
||||
|
||||
-- Open up access to subscription_items table for authenticated users
|
||||
-- and service_role
|
||||
comment on table public.orders is 'The one-time orders for an account';
|
||||
|
||||
comment on column public.orders.account_id is 'The account the order is for';
|
||||
|
||||
comment on column public.orders.billing_provider is 'The provider of the order';
|
||||
|
||||
comment on column public.orders.total_amount is 'The total amount for the order';
|
||||
|
||||
comment on column public.orders.currency is 'The currency for the order';
|
||||
|
||||
comment on column public.orders.status is 'The status of the order';
|
||||
|
||||
comment on column public.orders.billing_customer_id is 'The billing customer ID for the order';
|
||||
|
||||
-- Open up access to orders table for authenticated users and service_role
|
||||
grant select on table public.orders to authenticated;
|
||||
|
||||
grant select, insert, update, delete on table public.orders to service_role;
|
||||
@@ -1420,7 +1410,6 @@ create policy orders_read_self on public.orders
|
||||
using ((account_id = auth.uid() and public.is_set('enable_account_billing'))
|
||||
or (has_role_on_account(account_id) and public.is_set('enable_team_account_billing')));
|
||||
|
||||
|
||||
/**
|
||||
* -------------------------------------------------------
|
||||
* Section: Order Items
|
||||
@@ -1438,6 +1427,22 @@ create table if not exists public.order_items(
|
||||
unique (order_id, product_id, variant_id)
|
||||
);
|
||||
|
||||
comment on table public.order_items is 'The items in an order';
|
||||
|
||||
comment on column public.order_items.order_id is 'The order the item is for';
|
||||
|
||||
comment on column public.order_items.product_id is 'The product ID for the item';
|
||||
|
||||
comment on column public.order_items.variant_id is 'The variant ID for the item';
|
||||
|
||||
comment on column public.order_items.price_amount is 'The price amount for the item';
|
||||
|
||||
comment on column public.order_items.quantity is 'The quantity of the item';
|
||||
|
||||
comment on column public.order_items.created_at is 'The creation date of the item';
|
||||
|
||||
comment on column public.order_items.updated_at is 'The last update date of the item';
|
||||
|
||||
-- Open up access to order_items table for authenticated users and
|
||||
-- service_role
|
||||
grant select on table public.order_items to authenticated, service_role;
|
||||
@@ -1737,7 +1742,7 @@ grant execute on function public.create_team_account(text) to
|
||||
authenticated, service_role;
|
||||
|
||||
-- RLS
|
||||
-- Authenticated users can create organization accounts
|
||||
-- Authenticated users can create team accounts
|
||||
create policy create_org_account on public.accounts
|
||||
for insert to authenticated
|
||||
with check (
|
||||
@@ -1821,7 +1826,7 @@ where
|
||||
grant select on public.user_accounts to authenticated, service_role;
|
||||
|
||||
--
|
||||
-- Function: get the account workspace for an organization account
|
||||
-- Function: get the account workspace for a team account
|
||||
-- to load all the required data for the authenticated user within the account scope
|
||||
create or replace function
|
||||
public.team_account_workspace(account_slug text)
|
||||
@@ -1875,6 +1880,7 @@ grant execute on function public.team_account_workspace(text)
|
||||
to authenticated, service_role;
|
||||
|
||||
-- Functions: get account members
|
||||
-- Function to get the members of an account by the account slug
|
||||
create or replace function public.get_account_members(account_slug text)
|
||||
returns table(
|
||||
id uuid,
|
||||
@@ -1919,6 +1925,7 @@ $$;
|
||||
grant execute on function public.get_account_members(text) to
|
||||
authenticated, service_role;
|
||||
|
||||
-- Function to get the account invitations by the account slug
|
||||
create or replace function public.get_account_invitations(account_slug text)
|
||||
returns table(
|
||||
id integer,
|
||||
@@ -1960,6 +1967,7 @@ language plpgsql;
|
||||
grant execute on function public.get_account_invitations(text) to
|
||||
authenticated, service_role;
|
||||
|
||||
-- Function to append invitations to an account
|
||||
create or replace function
|
||||
public.add_invitations_to_account(account_slug text, invitations
|
||||
public.invitation[])
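Review bot: The renamed invitation guard is created and attached without a schema (`create or replace function check_team_account()` and `execute procedure check_team_account();`), whereas the other functions visible in this file are declared under `public.`. Which schema the function lands in, and which function the trigger binds to, therefore depends on the search_path of the role running the migration. I would write `create or replace function public.check_team_account()` and `execute procedure public.check_team_account();`. The new error text reads 'Account must be an team account' and should be `raise exception 'Account must be a team account';`. If this file is ever applied to a database that already holds the old objects, `check_organization_account()` and the trigger `only_organization_accounts_check` would presumably stay in place next to the new ones, so an explicit drop may be needed; the function body is only partly visible across these hunks.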
|
||||
|
||||