eny.space Landingpage
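-- Remove the UPDATE policy that allows users to update their own subscriptions.
-- This is a security fix: users should NOT be able to modify subscription status.
-- All updates must come from webhooks (service role) or validated server actions.
--
-- Dropping this policy only blocks client-side updates if row level security is
-- enabled on the table and no other policy still grants UPDATE (including
-- FOR ALL policies). The checks after the drop warn when that does not hold.

-- This migration is safe to run multiple times.
DO $$
BEGIN
    -- The catalog lookup is kept (rather than a bare DROP POLICY IF EXISTS) so the
    -- migration does not fail when the table is absent.
    IF EXISTS (
        SELECT 1
        FROM pg_policies
        WHERE schemaname = 'public'
          AND tablename = 'subscriptions'
          AND policyname = 'Users can update own subscriptions'
    ) THEN
        -- Schema-qualified so the drop hits the same table the check above
        -- inspected, regardless of the session's search_path.
        DROP POLICY "Users can update own subscriptions" ON public.subscriptions;
    END IF;

    -- With RLS disabled, policies are not evaluated and table grants alone
    -- decide who can UPDATE, so the drop above would have no effect.
    IF EXISTS (
        SELECT 1
        FROM pg_class AS c
        INNER JOIN pg_namespace AS n
            ON n.oid = c.relnamespace
        WHERE n.nspname = 'public'
          AND c.relname = 'subscriptions'
          AND NOT c.relrowsecurity
    ) THEN
        RAISE WARNING 'Row level security is not enabled on public.subscriptions; dropping the UPDATE policy does not restrict updates';
    END IF;

    -- Surface any remaining policy that still covers UPDATE so it gets reviewed.
    IF EXISTS (
        SELECT 1
        FROM pg_policies
        WHERE schemaname = 'public'
          AND tablename = 'subscriptions'
          AND cmd IN ('UPDATE', 'ALL')
    ) THEN
        RAISE WARNING 'public.subscriptions still has a policy covering UPDATE; review whether it should allow client-side updates';
    END IF;
END $$;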