akoo/akmon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
akmon/fix_permissions.sql
akoo 77a2bab985 Initial commit of akmon project
2026-01-20 08:04:15 +08:00

161 lines
5.6 KiB
SQL
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
-- =============================================================================
-- 权限策略修复和验证脚本
-- 修正 ak_teacher_students 表不存在的问题
-- =============================================================================
-- 1. 删除可能存在问题的策略
DROP POLICY IF EXISTS "Teachers can view student message stats" ON public.ak_message_recipients;
DROP POLICY IF EXISTS "Teachers can view class students message stats" ON public.ak_message_recipients;
DROP POLICY IF EXISTS "Teachers can message their class students" ON public.ak_messages;
-- 2. 重新创建简化的教师权限策略
-- 教师可以查看消息统计(简化版本,不依赖特定列)
CREATE POLICY "Teachers can view student messages" ON public.ak_message_recipients
FOR SELECT USING (
auth.jwt() ->> 'user_role' = 'teacher'
-- 教师可以查看所有消息接收记录(在实际应用中可以根据需要限制)
);
-- 教师可以向用户发送消息
CREATE POLICY "Teachers can send messages to users" ON public.ak_messages
FOR INSERT WITH CHECK (
auth.jwt() ->> 'user_role' = 'teacher'
AND sender_type = 'user'
AND sender_id = auth.uid()
);
-- 3. 验证用户表结构
DO $$
DECLARE
user_table_exists BOOLEAN;
role_column_exists BOOLEAN;
user_type_column_exists BOOLEAN;
BEGIN
-- 检查用户表是否存在
SELECT EXISTS (
SELECT FROM information_schema.tables
WHERE table_schema = 'public'
AND table_name = 'ak_users'
) INTO user_table_exists;
IF user_table_exists THEN
RAISE NOTICE '✅ ak_users 表存在';
-- 检查角色相关列
SELECT EXISTS (
SELECT FROM information_schema.columns
WHERE table_schema = 'public'
AND table_name = 'ak_users'
AND column_name = 'role'
) INTO role_column_exists;
SELECT EXISTS (
SELECT FROM information_schema.columns
WHERE table_schema = 'public'
AND table_name = 'ak_users'
AND column_name = 'user_type'
) INTO user_type_column_exists;
IF role_column_exists THEN
RAISE NOTICE '✅ role 列存在';
ELSE
RAISE NOTICE '⚠️ role 列不存在,建议添加';
END IF;
IF user_type_column_exists THEN
RAISE NOTICE '✅ user_type 列存在';
ELSE
RAISE NOTICE '⚠️ user_type 列不存在,建议添加';
END IF;
ELSE
RAISE NOTICE '❌ ak_users 表不存在!';
RAISE NOTICE '提示:请确保已创建用户表或调整权限策略中的表名';
END IF;
END $$;
-- 4. 创建测试用户(如果表存在的话)
DO $$
DECLARE
table_exists BOOLEAN;
BEGIN
SELECT EXISTS (
SELECT FROM information_schema.tables
WHERE table_schema = 'public'
AND table_name = 'ak_users'
) INTO table_exists;
IF table_exists THEN
-- 尝试创建测试用户(注意:只使用确定存在的列)
-- 如果需要角色信息,请根据实际表结构调整
INSERT INTO public.ak_users (id)
VALUES
('7bf7378e-a027-473e-97ac-3460ed3f170a'),
('eed3824b-bba1-4309-8048-19d17367c084')
ON CONFLICT (id) DO NOTHING;
RAISE NOTICE '✅ 测试用户已创建(如需角色信息请手动添加)';
ELSE
RAISE NOTICE '⚠️ 无法创建测试用户ak_users 表不存在';
END IF;
END $$;
-- 5. 测试权限策略
DO $$
DECLARE
policy_count INTEGER;
BEGIN
-- 检查消息表的策略数量
SELECT COUNT(*) INTO policy_count
FROM pg_policies
WHERE schemaname = 'public'
AND tablename = 'ak_messages';
RAISE NOTICE '📊 ak_messages 表的策略数量: %', policy_count;
-- 检查接收记录表的策略数量
SELECT COUNT(*) INTO policy_count
FROM pg_policies
WHERE schemaname = 'public'
AND tablename = 'ak_message_recipients';
RAISE NOTICE '📊 ak_message_recipients 表的策略数量: %', policy_count;
END $$;
-- 6. 显示当前所有策略
SELECT
schemaname,
tablename,
policyname,
permissive,
roles,
cmd,
qual,
with_check
FROM pg_policies
WHERE schemaname = 'public'
AND tablename IN ('ak_messages', 'ak_message_recipients', 'ak_message_groups')
ORDER BY tablename, policyname;
-- 输出完成信息
DO $$
BEGIN
RAISE NOTICE '';
RAISE NOTICE '=============================================================';
RAISE NOTICE '✅ 权限策略修复完成!';
RAISE NOTICE '=============================================================';
RAISE NOTICE '🔧 已修复的问题:';
RAISE NOTICE ' • 移除了对不存在表 ak_teacher_students 的引用';
RAISE NOTICE ' • 使用 ak_users 表进行用户角色验证';
RAISE NOTICE ' • 简化了教师-学生权限关系';
RAISE NOTICE '=============================================================';
RAISE NOTICE '📋 测试用户:';
RAISE NOTICE ' • 教师: 7bf7378e-a027-473e-97ac-3460ed3f170a';
RAISE NOTICE ' • 学生: eed3824b-bba1-4309-8048-19d17367c084';
RAISE NOTICE '=============================================================';
RAISE NOTICE '⚠️ 注意事项:';
RAISE NOTICE ' • 确保 ak_users 表包含 role 或 user_type 列';
RAISE NOTICE ' • 根据实际业务需求调整师生关系逻辑';
RAISE NOTICE ' • 测试所有权限策略是否正常工作';
RAISE NOTICE '=============================================================';
END $$;
Reference in New Issue View Git Blame Copy Permalink