30 lines
1.2 KiB
SQL
30 lines
1.2 KiB
SQL
-- =====================================================================================
|
||
-- RLS: 内容管理模块安全策略
|
||
-- 位置:docs/sql/20_rls/cms/ml_cms_rls_v1.sql
|
||
-- 对象类型:RLS 策略
|
||
-- 版本:v1
|
||
-- 说明:消费者端可读(仅已发布/启用);管理端通过 RPC 访问
|
||
-- =====================================================================================
|
||
|
||
-- 1. 开启 RLS
|
||
ALTER TABLE public.ml_article_categories ENABLE ROW LEVEL SECURITY;
|
||
ALTER TABLE public.ml_articles ENABLE ROW LEVEL SECURITY;
|
||
|
||
-- 2. 分类表策略:允许所有人读取启用的分类
|
||
DROP POLICY IF EXISTS ml_article_categories_select_active ON public.ml_article_categories;
|
||
CREATE POLICY ml_article_categories_select_active
|
||
ON public.ml_article_categories
|
||
FOR SELECT
|
||
TO anon, authenticated
|
||
USING (status = 1);
|
||
|
||
-- 3. 文章表策略:允许所有人读取已发布的文章
|
||
DROP POLICY IF EXISTS ml_articles_select_published ON public.ml_articles;
|
||
CREATE POLICY ml_articles_select_published
|
||
ON public.ml_articles
|
||
FOR SELECT
|
||
TO anon, authenticated
|
||
USING (status = 1);
|
||
|
||
-- 默认不开放 INSERT/UPDATE/DELETE 给普通用户,管理端操作通过 RPC (SECURITY DEFINER) 执行
|