-- Register the 'boat-images' storage bucket: flagged public, capped at
-- 10 MiB per object, and limited to JPEG, PNG and WebP content types.
--
-- NOTE(review): `on conflict (id) do nothing` keeps this migration
-- re-runnable, but a bucket that already exists under this id keeps whatever
-- public flag, size cap and MIME allow-list it currently has. Check the live
-- bucket's settings after deploying instead of assuming these values applied.
insert into storage.buckets
    (id, name, public, file_size_limit, allowed_mime_types)
values
    (
        'boat-images',
        'boat-images',
        true,
        10 * 1024 * 1024,  -- 10485760 bytes
        array['image/jpeg', 'image/png', 'image/webp']
    )
on conflict (id) do nothing;
-- Read access to object rows in 'boat-images' for every role. The original
-- statement had no `as` or `to` clause; the PostgreSQL defaults (permissive,
-- PUBLIC) are spelled out here so the scope is visible in review.
--
-- NOTE(review): a bucket flagged public in Supabase Storage is expected to
-- serve objects through its public URL without evaluating this policy. What a
-- SELECT policy on storage.objects adds is reading object rows through the
-- API, which includes listing the bucket's contents, for anonymous callers
-- too. Confirm that listing is intended; if only public URLs are needed, this
-- policy may be unnecessary.
create policy "Anyone can read boat images"
    on storage.objects
    as permissive
    for select
    to public
    using (bucket_id = 'boat-images');
-- Uploads into 'boat-images' are allowed only when the caller has a row in
-- public.members whose role is 'admin' or 'boatswain'.
--
-- There is no `to` clause, so the policy is evaluated for every role. A caller
-- without a session is presumably rejected because auth.uid() yields null and
-- the membership lookup then matches nothing; confirm against the auth setup.
--
-- NOTE(review): this check is only as strong as public.members. Confirm that
-- the caller can read their own members row under that table's RLS (otherwise
-- the lookup silently denies everyone) and that a member cannot modify their
-- own `role` (otherwise the restriction here can be sidestepped).
create policy "Admins can upload boat images"
    on storage.objects
    for insert
    with check (
        bucket_id = 'boat-images'
        and exists (
            select 1
            from public.members as m
            where m.user_id = auth.uid()
              and m.role in ('admin', 'boatswain')
        )
    );
-- Replacing or updating objects in 'boat-images' is allowed only when the
-- caller has a row in public.members whose role is 'admin' or 'boatswain'.
--
-- The original statement gave only `using`. For an UPDATE policy PostgreSQL
-- then applies the same expression as the `with check`, so it is written out
-- below: the updated row must still be in 'boat-images', which means this
-- policy on its own does not let an object be moved into another bucket.
-- Permissive policies are OR-ed together, so other policies on
-- storage.objects can still widen this.
--
-- NOTE(review): the role lookup depends on public.members; verify that
-- members cannot edit their own `role` and that the table's RLS lets the
-- caller see their own row.
create policy "Admins can update boat images"
    on storage.objects
    for update
    using (
        bucket_id = 'boat-images'
        and exists (
            select 1
            from public.members as m
            where m.user_id = auth.uid()
              and m.role in ('admin', 'boatswain')
        )
    )
    with check (
        bucket_id = 'boat-images'
        and exists (
            select 1
            from public.members as m
            where m.user_id = auth.uid()
              and m.role in ('admin', 'boatswain')
        )
    );
-- Deleting objects from 'boat-images' is allowed only when the caller has a
-- row in public.members whose role is 'admin' or 'boatswain'.
--
-- The `using` clause is evaluated against the existing row, so only objects
-- already in this bucket are covered. No `to` clause is given, so the policy
-- is evaluated for every role.
--
-- NOTE(review): deletion from a public bucket is destructive and hinges on
-- public.members.role. Verify that members cannot change their own role and
-- that the table's RLS lets the caller see their own row.
create policy "Admins can delete boat images"
    on storage.objects
    for delete
    using (
        bucket_id = 'boat-images'
        and exists (
            select 1
            from public.members as m
            where m.user_id = auth.uid()
              and m.role in ('admin', 'boatswain')
        )
    );