6e5244b612
- 00-schema.sql: Schema creation with grants - 01-enums.sql: 8 enums (goal_type, metric_type, period_type, etc.) - 02-tables.sql: 4 tables (definitions, assignments, progress_log, milestone_notifications) - 04-rls.sql: 16 RLS policies for tenant isolation - 05-indexes.sql: Performance indexes Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
73 lines
3.8 KiB
SQL
73 lines
3.8 KiB
SQL
-- ============================================
|
|
-- SAAS-022: Goals RLS Policies
|
|
-- Tenant isolation for all tables
|
|
-- ============================================
|
|
|
|
-- ─────────────────────────────────────────────
|
|
-- Definitions RLS
|
|
-- ─────────────────────────────────────────────
|
|
ALTER TABLE goals.definitions ENABLE ROW LEVEL SECURITY;
|
|
|
|
CREATE POLICY definitions_tenant_isolation_select ON goals.definitions
|
|
FOR SELECT USING (tenant_id = auth.get_current_tenant());
|
|
|
|
CREATE POLICY definitions_tenant_isolation_insert ON goals.definitions
|
|
FOR INSERT WITH CHECK (tenant_id = auth.get_current_tenant());
|
|
|
|
CREATE POLICY definitions_tenant_isolation_update ON goals.definitions
|
|
FOR UPDATE USING (tenant_id = auth.get_current_tenant());
|
|
|
|
CREATE POLICY definitions_tenant_isolation_delete ON goals.definitions
|
|
FOR DELETE USING (tenant_id = auth.get_current_tenant());
|
|
|
|
-- ─────────────────────────────────────────────
|
|
-- Assignments RLS
|
|
-- ─────────────────────────────────────────────
|
|
ALTER TABLE goals.assignments ENABLE ROW LEVEL SECURITY;
|
|
|
|
CREATE POLICY assignments_tenant_isolation_select ON goals.assignments
|
|
FOR SELECT USING (tenant_id = auth.get_current_tenant());
|
|
|
|
CREATE POLICY assignments_tenant_isolation_insert ON goals.assignments
|
|
FOR INSERT WITH CHECK (tenant_id = auth.get_current_tenant());
|
|
|
|
CREATE POLICY assignments_tenant_isolation_update ON goals.assignments
|
|
FOR UPDATE USING (tenant_id = auth.get_current_tenant());
|
|
|
|
CREATE POLICY assignments_tenant_isolation_delete ON goals.assignments
|
|
FOR DELETE USING (tenant_id = auth.get_current_tenant());
|
|
|
|
-- ─────────────────────────────────────────────
|
|
-- Progress Log RLS
|
|
-- ─────────────────────────────────────────────
|
|
ALTER TABLE goals.progress_log ENABLE ROW LEVEL SECURITY;
|
|
|
|
CREATE POLICY progress_log_tenant_isolation_select ON goals.progress_log
|
|
FOR SELECT USING (tenant_id = auth.get_current_tenant());
|
|
|
|
CREATE POLICY progress_log_tenant_isolation_insert ON goals.progress_log
|
|
FOR INSERT WITH CHECK (tenant_id = auth.get_current_tenant());
|
|
|
|
CREATE POLICY progress_log_tenant_isolation_update ON goals.progress_log
|
|
FOR UPDATE USING (tenant_id = auth.get_current_tenant());
|
|
|
|
CREATE POLICY progress_log_tenant_isolation_delete ON goals.progress_log
|
|
FOR DELETE USING (tenant_id = auth.get_current_tenant());
|
|
|
|
-- ─────────────────────────────────────────────
|
|
-- Milestone Notifications RLS
|
|
-- ─────────────────────────────────────────────
|
|
ALTER TABLE goals.milestone_notifications ENABLE ROW LEVEL SECURITY;
|
|
|
|
CREATE POLICY milestone_notifications_tenant_isolation_select ON goals.milestone_notifications
|
|
FOR SELECT USING (tenant_id = auth.get_current_tenant());
|
|
|
|
CREATE POLICY milestone_notifications_tenant_isolation_insert ON goals.milestone_notifications
|
|
FOR INSERT WITH CHECK (tenant_id = auth.get_current_tenant());
|
|
|
|
CREATE POLICY milestone_notifications_tenant_isolation_update ON goals.milestone_notifications
|
|
FOR UPDATE USING (tenant_id = auth.get_current_tenant());
|
|
|
|
CREATE POLICY milestone_notifications_tenant_isolation_delete ON goals.milestone_notifications
|
|
FOR DELETE USING (tenant_id = auth.get_current_tenant());
|