Files
route-commerce/supabase/migrations/.archived/002_remove_broad_anon_select.sql
T
Nora 0ac4beaaa8 fix: react-doctor errors → 0 errors, 1649 warnings (46/100)
- Add requireAuth() to admin-permissions.ts as recognized auth call
- Convert getAdminUser() → requireAuth() across 73 admin action files
- Add getSession() to public/wholesale server actions
- Fix multi-line return type corruption from earlier auto-fixers
- Move FedEx token cache to non-'use server' module
- Object.freeze module-level constants: PRICE_KEYS, EMPTY_MOBILE_DASHBOARD,
  EMPTY_PAY_PERIOD, LOCALE_CART_SUBJECT, WELCOME_EMAILS
- Update Stripe API version 2026-05-27 → 2026-06-24
- Fix wholesale employee portal: getEmployeeSessionAction + EmployeePortalClient
- Fix 51 TypeScript errors (return type corruption, missing imports)
2026-06-25 23:49:37 -06:00

11 lines
536 B
SQL

-- ============================================================
-- Remove broad anon SELECT policies
-- ============================================================
-- The checkout flow no longer requires post-checkout SELECT
-- because the RPC returns full order data directly.
-- Admin SELECT is handled by server-side auth (getAdminUser).
-- Drop the overly permissive read policies
DROP POLICY IF EXISTS "Allow public read on orders for checkout" ON orders;
DROP POLICY IF EXISTS "Allow public read on order_items" ON order_items;