Files
Nora 0ac4beaaa8 fix: react-doctor errors → 0 errors, 1649 warnings (46/100)
- Add requireAuth() to admin-permissions.ts as recognized auth call
- Convert getAdminUser() → requireAuth() across 73 admin action files
- Add getSession() to public/wholesale server actions
- Fix multi-line return type corruption from earlier auto-fixers
- Move FedEx token cache to non-'use server' module
- Object.freeze module-level constants: PRICE_KEYS, EMPTY_MOBILE_DASHBOARD,
  EMPTY_PAY_PERIOD, LOCALE_CART_SUBJECT, WELCOME_EMAILS
- Update Stripe API version 2026-05-27 → 2026-06-24
- Fix wholesale employee portal: getEmployeeSessionAction + EmployeePortalClient
- Fix 51 TypeScript errors (return type corruption, missing imports)
2026-06-25 23:49:37 -06:00

73 lines
2.7 KiB
PL/PgSQL

-- Migration 088: Brand feature flags / add-on licensing system
-- Enables per-brand add-on enablement for Harvest Reach, Wholesale Portal, Water Log, AI Tools, etc.
CREATE TABLE IF NOT EXISTS brand_features (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
brand_id UUID NOT NULL REFERENCES brands(id) ON DELETE CASCADE,
feature_key TEXT NOT NULL, -- e.g., 'harvest_reach', 'wholesale_portal', 'water_log', 'ai_tools'
enabled BOOLEAN NOT NULL DEFAULT false,
enabled_at TIMESTAMPTZ,
disabled_at TIMESTAMPTZ,
created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
UNIQUE (brand_id, feature_key)
);
-- Index for fast lookups
CREATE INDEX IF NOT EXISTS brand_features_brand_id_idx ON brand_features(brand_id);
-- RPC to get all features for a brand
CREATE OR REPLACE FUNCTION get_brand_features(p_brand_id UUID)
RETURNS JSONB
LANGUAGE plpgsql
SECURITY DEFINER
AS $$
DECLARE
result JSONB;
BEGIN
result := jsonb_object_agg(
f.feature_key,
CASE WHEN f.enabled AND f.disabled_at IS NULL THEN true ELSE false END
)
FROM brand_features f
WHERE f.brand_id = p_brand_id;
-- If no features set, return empty object (env vars will be fallback)
RETURN COALESCE(result, '{}'::jsonb);
END;
$$;
-- RPC to set a single feature on/off
CREATE OR REPLACE FUNCTION set_brand_feature(
p_brand_id UUID,
p_feature_key TEXT,
p_enabled BOOLEAN
)
RETURNS BOOLEAN
LANGUAGE plpgsql
SECURITY DEFINER
AS $$
BEGIN
INSERT INTO brand_features (brand_id, feature_key, enabled, enabled_at)
VALUES (p_brand_id, p_feature_key, p_enabled, CASE WHEN p_enabled THEN now() ELSE NULL END)
ON CONFLICT (brand_id, feature_key)
DO UPDATE SET
enabled = p_enabled,
enabled_at = CASE WHEN p_enabled AND brand_features.enabled_at IS NULL THEN now() ELSE brand_features.enabled_at END,
disabled_at = CASE WHEN NOT p_enabled THEN now() ELSE NULL END;
RETURN true;
END;
$$;
-- Grant access
GRANT SELECT, INSERT, UPDATE, DELETE ON brand_features TO authenticated;
GRANT EXECUTE ON FUNCTION get_brand_features(UUID) TO authenticated;
GRANT EXECUTE ON FUNCTION set_brand_feature(UUID, TEXT, BOOLEAN) TO authenticated;
-- ============================================================
-- RLS for brand_features (added by scripts/fix-archived-rls.js)
-- Columns: id, brand_id, feature_key, enabled_at, disabled_at, created_at, feature_key
-- ============================================================
ALTER TABLE brand_features ENABLE ROW LEVEL SECURITY;
ALTER TABLE brand_features FORCE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation ON brand_features;
CREATE POLICY tenant_isolation ON brand_features FOR ALL USING (brand_id = current_brand_id() OR is_platform_admin()) WITH CHECK (brand_id = current_brand_id() OR is_platform_admin());