template-saas-database-v2/ddl/schemas/sales/04-rls.sql
Adrian Flores Cortes ea4f8b18a0 [SAAS-018] feat: Add sales schema DDL
- Create sales schema (00-schema.sql)
- Add sales enums (01-enums.sql): lead_status, lead_source, opportunity_stage, activity_type, activity_status
- Add tables (02-tables.sql): pipeline_stages, leads, opportunities, activities
- Add functions (03-functions.sql): convert_lead_to_opportunity, update_opportunity_stage, calculate_lead_score, get_pipeline_summary, initialize_default_stages
- Add RLS policies (04-rls.sql) for tenant isolation
- Add indexes (05-indexes.sql) for performance

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-24 20:49:35 -06:00


-- ============================================
-- TEMPLATE-SAAS: Sales Row Level Security
-- Version: 1.0.0
-- Module: SAAS-018
-- ============================================
-- ============================================
-- Enable RLS on all tables
-- ============================================
-- Switch on row-level security for each sales table so that the policies
-- declared below are evaluated on every SELECT / INSERT / UPDATE / DELETE.
-- NOTE(review): ENABLE does not subject the table owner to these policies;
-- if the application role owns the sales tables (see 02-tables.sql), also
-- run ALTER TABLE ... FORCE ROW LEVEL SECURITY -- confirm ownership first.
ALTER TABLE sales.pipeline_stages
    ENABLE ROW LEVEL SECURITY;

ALTER TABLE sales.leads
    ENABLE ROW LEVEL SECURITY;

ALTER TABLE sales.opportunities
    ENABLE ROW LEVEL SECURITY;

ALTER TABLE sales.activities
    ENABLE ROW LEVEL SECURITY;
-- ============================================
-- Pipeline Stages Policies
-- ============================================
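-- Read visibility: a session only sees rows whose tenant_id equals the
-- app.current_tenant_id GUC. current_setting(..., true) returns NULL when
-- the GUC is unset, so the comparison is UNKNOWN and no row qualifies
-- (fail-closed). Scoped to SELECT on purpose: permissive policies are OR-ed
-- together, so an unscoped (FOR ALL) policy with this expression would
-- silently re-grant any write that a later, tighter *_insert / *_update /
-- *_delete policy below tries to deny. Effective permissions are unchanged
-- because the per-command policies carry the same tenant predicate.
CREATE POLICY pipeline_stages_tenant_isolation ON sales.pipeline_stages
    FOR SELECT
    USING (tenant_id = current_setting('app.current_tenant_id', true)::UUID);

-- New rows must belong to the caller's tenant.
CREATE POLICY pipeline_stages_insert ON sales.pipeline_stages
    FOR INSERT
    WITH CHECK (tenant_id = current_setting('app.current_tenant_id', true)::UUID);

-- Only the caller's own rows are updatable; with WITH CHECK omitted,
-- PostgreSQL applies the USING expression to the updated row as well, so
-- tenant_id cannot be re-pointed at another tenant.
CREATE POLICY pipeline_stages_update ON sales.pipeline_stages
    FOR UPDATE
    USING (tenant_id = current_setting('app.current_tenant_id', true)::UUID);

-- Only the caller's own rows are deletable.
CREATE POLICY pipeline_stages_delete ON sales.pipeline_stages
    FOR DELETE
    USING (tenant_id = current_setting('app.current_tenant_id', true)::UUID);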
-- ============================================
-- Leads Policies
-- ============================================
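-- Read visibility for the caller's tenant; an unset app.current_tenant_id
-- yields NULL, so the predicate is UNKNOWN and no row is returned
-- (fail-closed). Scoped to SELECT so the per-command policies below are
-- the only write rules: permissive policies are OR-ed, and a FOR ALL
-- policy here would override any later tightening of them. The effective
-- permission set is unchanged since every policy uses the same predicate.
CREATE POLICY leads_tenant_isolation ON sales.leads
    FOR SELECT
    USING (tenant_id = current_setting('app.current_tenant_id', true)::UUID);

-- New leads must carry the caller's tenant_id.
CREATE POLICY leads_insert ON sales.leads
    FOR INSERT
    WITH CHECK (tenant_id = current_setting('app.current_tenant_id', true)::UUID);

-- USING doubles as WITH CHECK when the latter is omitted, so an UPDATE
-- cannot move a lead to another tenant.
CREATE POLICY leads_update ON sales.leads
    FOR UPDATE
    USING (tenant_id = current_setting('app.current_tenant_id', true)::UUID);

-- Only the caller's own leads are deletable.
CREATE POLICY leads_delete ON sales.leads
    FOR DELETE
    USING (tenant_id = current_setting('app.current_tenant_id', true)::UUID);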
-- ============================================
-- Opportunities Policies
-- ============================================
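-- Read visibility for the caller's tenant; an unset app.current_tenant_id
-- yields NULL, so the predicate is UNKNOWN and no row is returned
-- (fail-closed). Scoped to SELECT so the per-command policies below are
-- the only write rules: permissive policies are OR-ed, and a FOR ALL
-- policy here would override any later tightening of them. The effective
-- permission set is unchanged since every policy uses the same predicate.
-- NOTE(review): this predicate checks only the row's own tenant_id; whether
-- a referenced lead_id/stage may belong to another tenant depends on the
-- FK and function definitions in 02-tables.sql / 03-functions.sql -- verify.
CREATE POLICY opportunities_tenant_isolation ON sales.opportunities
    FOR SELECT
    USING (tenant_id = current_setting('app.current_tenant_id', true)::UUID);

-- New opportunities must carry the caller's tenant_id.
CREATE POLICY opportunities_insert ON sales.opportunities
    FOR INSERT
    WITH CHECK (tenant_id = current_setting('app.current_tenant_id', true)::UUID);

-- USING doubles as WITH CHECK when the latter is omitted, so an UPDATE
-- cannot move an opportunity to another tenant.
CREATE POLICY opportunities_update ON sales.opportunities
    FOR UPDATE
    USING (tenant_id = current_setting('app.current_tenant_id', true)::UUID);

-- Only the caller's own opportunities are deletable.
CREATE POLICY opportunities_delete ON sales.opportunities
    FOR DELETE
    USING (tenant_id = current_setting('app.current_tenant_id', true)::UUID);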
-- ============================================
-- Activities Policies
-- ============================================
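-- Read visibility for the caller's tenant; an unset app.current_tenant_id
-- yields NULL, so the predicate is UNKNOWN and no row is returned
-- (fail-closed). Scoped to SELECT so the per-command policies below are
-- the only write rules: permissive policies are OR-ed, and a FOR ALL
-- policy here would override any later tightening of them. The effective
-- permission set is unchanged since every policy uses the same predicate.
CREATE POLICY activities_tenant_isolation ON sales.activities
    FOR SELECT
    USING (tenant_id = current_setting('app.current_tenant_id', true)::UUID);

-- New activities must carry the caller's tenant_id.
CREATE POLICY activities_insert ON sales.activities
    FOR INSERT
    WITH CHECK (tenant_id = current_setting('app.current_tenant_id', true)::UUID);

-- USING doubles as WITH CHECK when the latter is omitted, so an UPDATE
-- cannot move an activity to another tenant.
CREATE POLICY activities_update ON sales.activities
    FOR UPDATE
    USING (tenant_id = current_setting('app.current_tenant_id', true)::UUID);

-- Only the caller's own activities are deletable.
CREATE POLICY activities_delete ON sales.activities
    FOR DELETE
    USING (tenant_id = current_setting('app.current_tenant_id', true)::UUID);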
-- ============================================
-- Bypass policies for service role (optional)
-- ============================================
-- These allow backend services with elevated privileges to bypass RLS
-- when needed (e.g., for admin operations, reporting, etc.). Because
-- policies are permissive (OR-ed), a USING (true) policy removes tenant
-- isolation entirely for that role's sessions, so grant it only to a
-- dedicated service role, never to the role the application connects as.
-- CREATE POLICY pipeline_stages_service_bypass ON sales.pipeline_stages
-- FOR ALL
-- TO template_saas_service
-- USING (true);
-- CREATE POLICY leads_service_bypass ON sales.leads
-- FOR ALL
-- TO template_saas_service
-- USING (true);
-- CREATE POLICY opportunities_service_bypass ON sales.opportunities
-- FOR ALL
-- TO template_saas_service
-- USING (true);
-- CREATE POLICY activities_service_bypass ON sales.activities
-- FOR ALL
-- TO template_saas_service
-- USING (true);