-- =====================================================================================
-- RLS: invoice management table
-- Location: docs/sql/20_rls/finance/ml_invoices_rls_v1.sql
-- Object type: RLS policy
-- Version: v1
-- Notes: users can only view their own invoice requests; the admin side goes through RPC
-- =====================================================================================

-- Turn on row-level security. From here on, roles that are subject to RLS only see or
-- modify rows that some policy explicitly allows; a command with no policy is denied.
-- The table owner and BYPASSRLS roles are not restricted by this statement (FORCE ROW
-- LEVEL SECURITY is not set here).
ALTER TABLE public.ml_invoices
    ENABLE ROW LEVEL SECURITY;

-- Policy 1: allow users to read their own records (non-deleted rows only).
-- Drop-then-create keeps the script re-runnable. If the two statements run outside a
-- transaction, the window between them has no SELECT policy, so reads fail closed.
DROP POLICY IF EXISTS ml_invoices_user_select
    ON public.ml_invoices;

-- Applies to the `authenticated` role only; no policy is defined here for any other role.
-- A row is visible when it is not soft-deleted and its uid equals the caller's auth.uid().
-- NOTE(review): if this runs on Supabase, writing the call as (select auth.uid()) is the
-- documented way to have it evaluated once per statement rather than per row; confirm.
CREATE POLICY ml_invoices_user_select
    ON public.ml_invoices
    FOR SELECT
    TO authenticated
    USING (
        deleted_at IS NULL
        AND uid = auth.uid()
    );

-- INSERT/UPDATE/DELETE are not opened to regular users by default; they are normally
-- triggered by RPC or post-payment logic.
-- NOTE(review): those RPCs are not shown in this file. They presumably run with rights
-- that bypass RLS, so each one has to check the caller's identity and role itself; verify.