madapes/madbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added initial roadmap and implementation

Browse Source
This commit is contained in:
Vlad Durnea
2026-03-11 22:23:16 +02:00
parent 39b97a6db5
commit c0792f2e1d
62 changed files with 12410 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
migrations/20240101000002_storage_schema.sql Normal file
View File

@@ -0,0 +1,72 @@
-- Create roles if they don't exist
DO $$
BEGIN
IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'authenticated') THEN
CREATE ROLE authenticated NOLOGIN;
END IF;
IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'anon') THEN
CREATE ROLE anon NOLOGIN;
END IF;
END
$$;
CREATE SCHEMA IF NOT EXISTS storage;
-- Grant usage
GRANT USAGE ON SCHEMA storage TO authenticated, anon;
GRANT USAGE ON SCHEMA public TO authenticated, anon;
CREATE TABLE IF NOT EXISTS storage.buckets (
id TEXT PRIMARY KEY,
name TEXT NOT NULL,
public BOOLEAN DEFAULT false,
owner UUID REFERENCES public.users(id),
created_at TIMESTAMPTZ DEFAULT now(),
updated_at TIMESTAMPTZ DEFAULT now()
);
CREATE TABLE IF NOT EXISTS storage.objects (
id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
bucket_id TEXT REFERENCES storage.buckets(id),
name TEXT NOT NULL,
owner UUID REFERENCES public.users(id),
created_at TIMESTAMPTZ DEFAULT now(),
updated_at TIMESTAMPTZ DEFAULT now(),
last_accessed_at TIMESTAMPTZ DEFAULT now(),
metadata JSONB,
UNIQUE (bucket_id, name)
);
-- Grant table access (RLS will filter rows)
GRANT ALL ON TABLE storage.buckets TO authenticated, anon;
GRANT ALL ON TABLE storage.objects TO authenticated, anon;
ALTER TABLE storage.buckets ENABLE ROW LEVEL SECURITY;
ALTER TABLE storage.objects ENABLE ROW LEVEL SECURITY;
-- Helper to allow public access to public buckets
CREATE POLICY "Public Buckets are viewable by everyone"
ON storage.buckets FOR SELECT
USING ( public = true );
-- Helper to allow authenticated users to view their own buckets
CREATE POLICY "Users can view their own buckets"
ON storage.buckets FOR SELECT
TO authenticated
USING ( owner = current_setting('request.jwt.claim.sub', true)::uuid );
-- Objects policies depend on bucket public status or object owner
CREATE POLICY "Public Objects are viewable by everyone"
ON storage.objects FOR SELECT
USING ( bucket_id IN (SELECT id FROM storage.buckets WHERE public = true) );
CREATE POLICY "Users can view their own objects"
ON storage.objects FOR SELECT
TO authenticated
USING ( owner = current_setting('request.jwt.claim.sub', true)::uuid );
CREATE POLICY "Users can insert their own objects"
ON storage.objects FOR INSERT
TO authenticated
WITH CHECK ( owner = current_setting('request.jwt.claim.sub', true)::uuid );