Classes Tablosu RLS Politikaları#

ALTER TABLE "public"."classes" ENABLE ROW LEVEL SECURITY;

CREATE POLICY "users_can_view_relevant_classes" 
ON "public"."classes" 
FOR SELECT 
TO "authenticated" 
USING (
  -- Öğrenciler: Katıldıkları sınıflar
  (EXISTS ( 
    SELECT 1
    FROM ("public"."class_members" "cm"
      JOIN "public"."users" "u" ON (("cm"."student_id" = "u"."id")))
    WHERE (("cm"."class_id" = "classes"."id") 
      AND ("u"."auth_user_id" = "auth"."uid"()) 
      AND ("u"."role_id" = 1) 
      AND ("cm"."deleted_at" IS NULL))
  )) 
  OR 
  -- Öğretmenler: Oluşturdukları sınıflar
  (EXISTS ( 
    SELECT 1
    FROM "public"."users" "u"
    WHERE (("u"."id" = "classes"."teacher_id") 
      AND ("u"."auth_user_id" = "auth"."uid"()) 
      AND ("u"."role_id" = 2))
  )) 
  OR 
  -- Admin/Editor: Tüm sınıflar
  (EXISTS ( 
    SELECT 1
    FROM "public"."users" "u"
    WHERE (("u"."auth_user_id" = "auth"."uid"()) 
      AND ("u"."role_id" = ANY (ARRAY[3, 4])))
  ))
);

CREATE POLICY "teachers_admins_editors_can_create_classes" 
ON "public"."classes" 
FOR INSERT 
TO "authenticated" 
WITH CHECK (
  EXISTS ( 
    SELECT 1
    FROM "public"."users"
    WHERE (("users"."auth_user_id" = "auth"."uid"()) 
      AND ("users"."id" = "classes"."teacher_id") 
      AND ("users"."role_id" = ANY (ARRAY[2, 3, 4])))
  )
);

CREATE POLICY "owners_can_update_classes" 
ON "public"."classes" 
FOR UPDATE 
TO "authenticated" 
USING (
  -- Öğretmen: Kendi sınıfı
  (("teacher_id" IN ( 
    SELECT "users"."id"
    FROM "public"."users"
    WHERE (("users"."auth_user_id" = "auth"."uid"()) 
      AND ("users"."role_id" = 2))
  ))) 
  OR 
  -- Admin/Editor: Tüm sınıflar
  (EXISTS ( 
    SELECT 1
    FROM "public"."users"
    WHERE (("users"."auth_user_id" = "auth"."uid"()) 
      AND ("users"."role_id" = ANY (ARRAY[3, 4])))
  ))
);

CREATE POLICY "owners_can_delete_classes" 
ON "public"."classes" 
FOR DELETE 
TO "authenticated" 
USING (
  -- Öğretmen: Kendi sınıfı
  (("teacher_id" IN ( 
    SELECT "users"."id"
    FROM "public"."users"
    WHERE (("users"."auth_user_id" = "auth"."uid"()) 
      AND ("users"."role_id" = 2))
  ))) 
  OR 
  -- Admin/Editor: Tüm sınıflar
  (EXISTS ( 
    SELECT 1
    FROM "public"."users"
    WHERE (("users"."auth_user_id" = "auth"."uid"()) 
      AND ("users"."role_id" = ANY (ARRAY[3, 4])))
  ))
);

-- İçeriği buraya ekleyiniz

-- Öğretmen kendi sınıfını oluşturur
INSERT INTO classes (name, teacher_id, school_id)
VALUES ('10-A Matematik', current_teacher_id, current_school_id);
--  Başarılı

-- Öğrenci sınıf oluşturmaya çalışır
INSERT INTO classes (name, teacher_id, school_id)
VALUES ('10-A Matematik', some_teacher_id, current_school_id);
--  RLS politikası tarafından reddedilir

-- school_id kontrolü eklenmeli
AND school_id = (
  SELECT school_id FROM users WHERE auth_user_id = auth.uid()
)