zaid.marzguioui/myeasycms-v2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0932c57fa12811c38eb49a587c11c7b89a4837d6
myeasycms-v2/docker/db/dev-bootstrap.sh
Zaid Marzguioui 9484ba91f8
Some checks failed
Workflow / ⚫️ Test (push) Has been cancelled
Details
Workflow / ʦ TypeScript (push) Has been cancelled
Details
fix(db): add explicit GRANT permissions for all CMS module tables 
The REVOKE+GRANT pattern in migrations can fail if a previous migration run
partially succeeded. Adding explicit GRANTs to dev-bootstrap.sh ensures all
tables have correct permissions on every deploy. Fixes 500 error on
Sitzungsprotokolle (meeting_protocol_items permission denied).
2026-04-01 13:32:32 +02:00

74 lines
3.9 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
set -e
# ===========================================================================
# Docker dev bootstrap — runs AFTER app migrations
# Seeds the DB, removes MFA, patches is_super_admin for local dev (no aal2).
# ===========================================================================
PSQL="psql -v ON_ERROR_STOP=0 --no-password --no-psqlrc -U supabase_admin -d postgres -h supabase-db"
echo "🌱 Running seed.sql..."
$PSQL -f /app-seed/seed.sql 2>&1 || true
echo "🔓 Removing MFA factors for dev..."
$PSQL -c "DELETE FROM auth.mfa_factors;" 2>&1 || true
$PSQL -c "DELETE FROM auth.mfa_challenges;" 2>&1 || true
echo "🔄 Fixing auth sequences after seed import..."
$PSQL -c "SELECT setval('auth.refresh_tokens_id_seq', (SELECT COALESCE(MAX(id), 0) + 1 FROM auth.refresh_tokens));" 2>&1 || true
$PSQL -c "SELECT setval(pg_get_serial_sequence('public.role_permissions', 'id'), (SELECT COALESCE(MAX(id), 0) + 1 FROM public.role_permissions));" 2>&1 || true
echo "🔧 Patching is_super_admin() — skip aal2 for local dev..."
cat <<'EOSQL' | $PSQL
CREATE OR REPLACE FUNCTION public.is_super_admin() RETURNS boolean
LANGUAGE plpgsql SECURITY DEFINER AS $fn$
declare r boolean;
begin
select (auth.jwt() ->> 'app_metadata')::jsonb ->> 'role' = 'super-admin' into r;
return coalesce(r, false);
end $fn$;
EOSQL
echo "🌐 Adding anon read policy for public club pages..."
$PSQL -c "DO \$\$ BEGIN
IF NOT EXISTS (SELECT 1 FROM pg_policy WHERE polname = 'accounts_public_read') THEN
CREATE POLICY accounts_public_read ON public.accounts FOR SELECT TO anon
USING (is_personal_account = false AND id IN (SELECT account_id FROM public.site_settings WHERE is_public = true));
END IF;
IF NOT EXISTS (SELECT 1 FROM pg_policy WHERE polname = 'events_public_read') THEN
CREATE POLICY events_public_read ON public.events FOR SELECT TO anon
USING (account_id IN (SELECT account_id FROM public.site_settings WHERE is_public = true));
END IF;
IF NOT EXISTS (SELECT 1 FROM pg_policy WHERE polname = 'courses_public_read') THEN
CREATE POLICY courses_public_read ON public.courses FOR SELECT TO anon
USING (account_id IN (SELECT account_id FROM public.site_settings WHERE is_public = true));
END IF;
END \$\$;" 2>&1 || true
$PSQL -c "GRANT SELECT ON public.events TO anon;" 2>&1 || true
$PSQL -c "GRANT SELECT ON public.courses TO anon;" 2>&1 || true
echo "🔐 Ensuring table permissions for all CMS modules..."
$PSQL -c "
GRANT SELECT, INSERT, UPDATE, DELETE ON public.meeting_protocols TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.meeting_protocol_items TO authenticated;
GRANT ALL ON public.meeting_protocols TO service_role;
GRANT ALL ON public.meeting_protocol_items TO service_role;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.waters TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.fish_species TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.fish_stocking TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.fishing_leases TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.catch_books TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.catch_entries TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.fishing_permits TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.fishing_competitions TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.member_clubs TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.club_contacts TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.club_roles TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.association_types TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.club_fee_types TO authenticated;
GRANT SELECT, INSERT, UPDATE, DELETE ON public.club_fees TO authenticated;
" 2>&1 || true
echo "✅ Dev bootstrap complete."
Reference in New Issue View Git Blame Copy Permalink