-- =====================================================================================
-- RLS: security policies for the content management (CMS) module
-- Location:    docs/sql/20_rls/cms/ml_cms_rls_v1.sql
-- Object type: RLS policies
-- Version:     v1
-- Summary:     consumer-facing roles may read rows that are published/enabled only;
--              the admin side reaches these tables through RPC functions.
-- =====================================================================================

-- 1. Enable row level security on both CMS tables.
--    Once RLS is enabled, a role that is subject to it sees no rows for any command
--    that has no matching policy (default deny).
--    NOTE(review): PostgreSQL does not apply RLS to the table owner, superusers, or
--    roles with BYPASSRLS unless FORCE ROW LEVEL SECURITY is set. This file does not
--    set it, and the admin RPC path described at the bottom presumably relies on that
--    bypass. Confirm which role owns these tables.
ALTER TABLE public.ml_article_categories
    ENABLE ROW LEVEL SECURITY;

ALTER TABLE public.ml_articles
    ENABLE ROW LEVEL SECURITY;

-- 2. Category table: anyone (anon or authenticated) may read enabled categories.
--    DROP ... IF EXISTS followed by CREATE keeps the script re-runnable.
--    NOTE(review): if the migration runner does not wrap this file in a transaction,
--    there is a short window after the DROP where no SELECT policy exists and reads
--    are denied (fails closed).
DROP POLICY IF EXISTS ml_article_categories_select_active
    ON public.ml_article_categories;

CREATE POLICY ml_article_categories_select_active
    ON public.ml_article_categories
    FOR SELECT
    TO anon, authenticated
    USING (
        status = 1              -- enabled
        AND deleted_at IS NULL  -- not soft-deleted
    );

-- 3. Article table: anyone (anon or authenticated) may read published articles.
--    NOTE(review): a policy filters rows, not columns. Every column of a published
--    row is readable by any role that holds SELECT on the table. If ml_articles
--    carries internal-only fields, restrict them with column-level grants or a view.
--    The table schema and GRANTs are not part of this file, so verify this separately.
DROP POLICY IF EXISTS ml_articles_select_published
    ON public.ml_articles;

CREATE POLICY ml_articles_select_published
    ON public.ml_articles
    FOR SELECT
    TO anon, authenticated
    USING (
        status = 1              -- published
        AND deleted_at IS NULL  -- not soft-deleted
    );

-- INSERT/UPDATE/DELETE are deliberately not opened to ordinary users: no policy is
-- defined for them, so RLS denies those commands for anon and authenticated.
-- Admin operations run through RPC functions declared SECURITY DEFINER.
-- NOTE(review): a SECURITY DEFINER function executes with its owner's privileges,
-- so each admin RPC must check the caller's authorization itself and should pin
-- search_path. Those functions are defined elsewhere; confirm there.