From ad3f549c96114f3546618fb32cf2608c6dbe36b5 Mon Sep 17 00:00:00 2001
From: Igor Zalutski <izalutski@gmail.com>
Date: Mon, 12 Aug 2024 11:50:39 +0100
Subject: [PATCH] RLS for runs

---
 supabase/migrations/20240812103454_rls_runs.sql | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 supabase/migrations/20240812103454_rls_runs.sql

diff --git a/supabase/migrations/20240812103454_rls_runs.sql b/supabase/migrations/20240812103454_rls_runs.sql
new file mode 100644
index 00000000..8d5efbee
--- /dev/null
+++ b/supabase/migrations/20240812103454_rls_runs.sql
@@ -0,0 +1,15 @@
+-- Enable RLS on digger_runs table
+ALTER TABLE digger_runs ENABLE ROW LEVEL SECURITY;
+
+-- Create policy for digger_runs
+CREATE POLICY "Users can access digger_runs in their organizations" ON digger_runs
+FOR ALL USING (
+  EXISTS (
+    SELECT 1
+    FROM projects p
+    JOIN organizations o ON p.organization_id = o.id
+    JOIN organization_members om ON o.id = om.organization_id
+    WHERE digger_runs.project_id = p.id
+      AND om.member_id = auth.uid()
+  )
+);
\ No newline at end of file