26 lines
825 B
SQL
26 lines
825 B
SQL
-- Expose user_id and member_name in reservation_slots.
|
|
-- JOIN with members is safe here because security_invoker=false runs as view owner,
|
|
-- bypassing RLS — so any authenticated user can see names without a separate members query.
|
|
-- Must drop+recreate because CREATE OR REPLACE VIEW cannot insert a column mid-list.
|
|
drop view if exists public.reservation_slots;
|
|
|
|
create view public.reservation_slots
|
|
with (security_invoker = false)
|
|
as
|
|
select
|
|
r.id,
|
|
r.boat_id,
|
|
r.user_id,
|
|
r.start_time,
|
|
r.end_time,
|
|
r.status,
|
|
coalesce(
|
|
nullif(trim(m.first_name || ' ' || m.last_name), ''),
|
|
m.email
|
|
) as member_name
|
|
from public.reservations r
|
|
left join public.members m on m.user_id = r.user_id
|
|
where r.status <> 'cancelled';
|
|
|
|
grant select on public.reservation_slots to authenticated;
|