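#!/bin/sh
set -e

# ===========================================================================
# Docker dev bootstrap — runs AFTER app migrations
# Seeds the DB, removes MFA, patches is_super_admin for local dev (no aal2).
#
# SECURITY: this script deliberately weakens authentication. It deletes all
# MFA factors and challenges and replaces public.is_super_admin() with a
# version that trusts the JWT's app_metadata.role alone. It connects as
# supabase_admin to the host "supabase-db" and has no environment guard of
# its own, so it must only be reachable from a disposable local dev stack.
# --no-password means psql never prompts; credentials have to come from the
# environment (for example PGPASSWORD or a pgpass file).
# ===========================================================================

# Number of best-effort steps that exited non-zero; reported at the end.
failed_steps=0

# Run psql against the dev database with the fixed connection options.
# Arguments: passed through to psql unchanged.
# ON_ERROR_STOP=0 lets psql continue past SQL errors when it reads a script
# from -f or stdin.
run_psql() {
  psql -v ON_ERROR_STOP=0 --no-password --no-psqlrc \
    -U supabase_admin -d postgres -h supabase-db "$@"
}

# Record and report a failed best-effort step without aborting the script.
# Arguments: $1 - short description of the step.
warn_failed() {
  failed_steps=$((failed_steps + 1))
  echo "WARN: $1 failed (continuing)" >&2
}

echo "🌱 Running seed.sql..."
run_psql -f /app-seed/seed.sql 2>&1 || warn_failed "seed.sql"

echo "🔓 Removing MFA factors for dev..."
# Unconditional deletes: every enrolled factor and pending challenge is lost.
run_psql -c "DELETE FROM auth.mfa_factors;" 2>&1 \
  || warn_failed "delete auth.mfa_factors"
run_psql -c "DELETE FROM auth.mfa_challenges;" 2>&1 \
  || warn_failed "delete auth.mfa_challenges"

echo "🔄 Fixing auth sequences after seed import..."
# Move each sequence past the highest imported id so later inserts do not
# collide with seeded rows.
run_psql -c "SELECT setval('auth.refresh_tokens_id_seq', (SELECT COALESCE(MAX(id), 0) + 1 FROM auth.refresh_tokens));" 2>&1 \
  || warn_failed "setval auth.refresh_tokens_id_seq"
run_psql -c "SELECT setval(pg_get_serial_sequence('public.role_permissions', 'id'), (SELECT COALESCE(MAX(id), 0) + 1 FROM public.role_permissions));" 2>&1 \
  || warn_failed "setval public.role_permissions id sequence"

echo "🔧 Patching is_super_admin() — skip aal2 for local dev..."
# The replacement grants super-admin on the JWT role claim alone.
# SECURITY DEFINER functions should pin search_path so name lookup inside the
# body cannot be redirected by the caller's search_path; everything used here
# is schema-qualified or built in, so the empty path is sufficient.
# Unlike the other steps this one has no fallback: a non-zero psql exit here
# aborts the script under set -e.
run_psql <<'EOSQL'
CREATE OR REPLACE FUNCTION public.is_super_admin()
RETURNS boolean
LANGUAGE plpgsql
SECURITY DEFINER
SET search_path = ''
AS $fn$
declare
  r boolean;
begin
  select (auth.jwt() ->> 'app_metadata')::jsonb ->> 'role' = 'super-admin' into r;
  return coalesce(r, false);
end
$fn$;
EOSQL

echo "🌐 Adding anon read policy for public club pages..."
# Policies filter rows, not columns: anon can read every column of a row that
# matches. NOTE(review): assumes row level security is enabled on accounts,
# events and courses; without it the GRANTs below expose every row — confirm.
# NOTE(review): the existence checks match on polname only; policy names are
# per table, so a same-named policy on another table would skip creation.
run_psql -c "DO \$\$ BEGIN
  IF NOT EXISTS (SELECT 1 FROM pg_policy WHERE polname = 'accounts_public_read') THEN
    CREATE POLICY accounts_public_read ON public.accounts FOR SELECT TO anon
      USING (is_personal_account = false AND id IN (SELECT account_id FROM public.site_settings WHERE is_public = true));
  END IF;
  IF NOT EXISTS (SELECT 1 FROM pg_policy WHERE polname = 'events_public_read') THEN
    CREATE POLICY events_public_read ON public.events FOR SELECT TO anon
      USING (account_id IN (SELECT account_id FROM public.site_settings WHERE is_public = true));
  END IF;
  IF NOT EXISTS (SELECT 1 FROM pg_policy WHERE polname = 'courses_public_read') THEN
    CREATE POLICY courses_public_read ON public.courses FOR SELECT TO anon
      USING (account_id IN (SELECT account_id FROM public.site_settings WHERE is_public = true));
  END IF;
END \$\$;" 2>&1 || warn_failed "anon read policies"
run_psql -c "GRANT SELECT ON public.events TO anon;" 2>&1 \
  || warn_failed "grant select on public.events"
run_psql -c "GRANT SELECT ON public.courses TO anon;" 2>&1 \
  || warn_failed "grant select on public.courses"

echo "🔐 Ensuring table permissions for all CMS modules..."
# Full DML for every signed-in user; any per-tenant isolation has to come from
# row level security policies that are not visible in this script.
# psql sends a multi-statement -c string to the server as one request, so a
# GRANT that fails (for example on a missing table) rolls back the others.
run_psql -c "
GRANT SELECT, INSERT, UPDATE, DELETE ON public.meeting_protocols TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.meeting_protocol_items TO authenticated;
GRANT ALL ON public.meeting_protocols TO service_role;
GRANT ALL ON public.meeting_protocol_items TO service_role;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.waters TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.fish_species TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.fish_stocking TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.fishing_leases TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.catch_books TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.catch_entries TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.fishing_permits TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.fishing_competitions TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.member_clubs TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.club_contacts TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.club_roles TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.association_types TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.club_fee_types TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.club_fees TO authenticated;
" 2>&1 || warn_failed "CMS table grants"

if [ "$failed_steps" -gt 0 ]; then
  echo "WARN: $failed_steps bootstrap step(s) failed; see output above" >&2
fi
echo "✅ Dev bootstrap complete."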