You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
57 lines
1.6 KiB
57 lines
1.6 KiB
-- Add avatar_url to profiles (schema omotomo)
|
|
ALTER TABLE omotomo.profiles
|
|
ADD COLUMN IF NOT EXISTS avatar_url text;
|
|
|
|
-- Storage bucket for avatars (public read; uploads scoped to user folder).
|
|
-- If the INSERT fails (e.g. different storage schema), create the bucket in Supabase Dashboard:
|
|
-- Storage → New bucket → name "avatars", Public bucket ON, File size limit 2MB, Allowed MIME types: image/jpeg, image/png, image/gif, image/webp
|
|
INSERT INTO storage.buckets (id, name, public, file_size_limit, allowed_mime_types)
|
|
VALUES (
|
|
'avatars',
|
|
'avatars',
|
|
true,
|
|
2097152,
|
|
ARRAY['image/jpeg', 'image/png', 'image/gif', 'image/webp']
|
|
)
|
|
ON CONFLICT (id) DO NOTHING;
|
|
|
|
-- RLS: allow authenticated users to upload only to their own folder (avatars/<user_id>/...)
|
|
-- Use auth.jwt()->>'sub' to match the folder name (JWT sub is the user id string).
|
|
CREATE POLICY "Users can upload own avatar"
|
|
ON storage.objects
|
|
FOR INSERT
|
|
TO authenticated
|
|
WITH CHECK (
|
|
bucket_id = 'avatars'
|
|
AND (storage.foldername(name))[1] = (auth.jwt()->>'sub')
|
|
);
|
|
|
|
CREATE POLICY "Users can update own avatar"
|
|
ON storage.objects
|
|
FOR UPDATE
|
|
TO authenticated
|
|
USING (
|
|
bucket_id = 'avatars'
|
|
AND (storage.foldername(name))[1] = (auth.jwt()->>'sub')
|
|
)
|
|
WITH CHECK (
|
|
bucket_id = 'avatars'
|
|
AND (storage.foldername(name))[1] = (auth.jwt()->>'sub')
|
|
);
|
|
|
|
CREATE POLICY "Users can delete own avatar"
|
|
ON storage.objects
|
|
FOR DELETE
|
|
TO authenticated
|
|
USING (
|
|
bucket_id = 'avatars'
|
|
AND (storage.foldername(name))[1] = (auth.jwt()->>'sub')
|
|
);
|
|
|
|
-- Public read for avatars (bucket is public)
|
|
CREATE POLICY "Avatar images are publicly readable"
|
|
ON storage.objects
|
|
FOR SELECT
|
|
TO public
|
|
USING (bucket_id = 'avatars');
|