28 lines
1.1 KiB
SQL
28 lines
1.1 KiB
SQL
-- Enable RLS permissions for Chat Messages
|
|
-- Previously only SELECT was allowed, blocking USERS from sending messages (INSERT)
|
|
|
|
-- 1. Policy for INSERT (Sending messages)
|
|
-- User can insert if they are the sender (linked via ak_users)
|
|
DROP POLICY IF EXISTS ml_chat_messages_insert_policy ON public.ml_chat_messages;
|
|
CREATE POLICY ml_chat_messages_insert_policy ON public.ml_chat_messages
|
|
FOR INSERT WITH CHECK (
|
|
auth.uid() IN (
|
|
SELECT auth_id FROM public.ak_users WHERE id = sender_id
|
|
)
|
|
);
|
|
|
|
-- 2. Policy for UPDATE (Marking as read)
|
|
-- Sender or Receiver can update (e.g. mark as read)
|
|
DROP POLICY IF EXISTS ml_chat_messages_update_policy ON public.ml_chat_messages;
|
|
CREATE POLICY ml_chat_messages_update_policy ON public.ml_chat_messages
|
|
FOR UPDATE USING (
|
|
auth.uid() IN (
|
|
SELECT auth_id FROM public.ak_users WHERE id IN (sender_id, receiver_id)
|
|
)
|
|
);
|
|
|
|
-- 3. Ensure SELECT policy is also correct (existing one is complex, this is a simpler backup if needed)
|
|
-- (We trust the existing select policy if it exists, but making sure)
|
|
-- The existing policy:
|
|
-- auth.uid() IN (SELECT auth_id FROM ak_users WHERE id IN (sender_id, receiver_id))
|