arbritage/policies.sql

-- 1. Ensure RLS is enabled (consistency)
alter table public.inventory enable row level security;
alter table public.suppliers enable row level security;
alter table public.customers enable row level security;
alter table public.orders enable row level security;
alter table public.transactions enable row level security;
alter table public.settings enable row level security;

-- 2. Drop existing policies to avoid conflicts if re-run
drop policy if exists "Enable all for authenticated users" on public.inventory;
drop policy if exists "Enable all for authenticated users" on public.suppliers;
drop policy if exists "Enable all for authenticated users" on public.customers;
drop policy if exists "Enable all for authenticated users" on public.orders;
drop policy if exists "Enable all for authenticated users" on public.transactions;
drop policy if exists "Enable all for authenticated users" on public.settings;

-- 3. Create Permissive Policies for Authenticated Users
-- This allows any logged-in user to Select, Insert, Update, Delete ONLY if they are authenticated.
-- In a SaaS, you would restrict 'using (user_id = auth.uid())', but for this internal tool, we allow all authenticated access.

create policy "Enable all for authenticated users" on public.inventory for all to authenticated using (true) with check (true);
create policy "Enable all for authenticated users" on public.suppliers for all to authenticated using (true) with check (true);
create policy "Enable all for authenticated users" on public.customers for all to authenticated using (true) with check (true);
create policy "Enable all for authenticated users" on public.orders for all to authenticated using (true) with check (true);
create policy "Enable all for authenticated users" on public.transactions for all to authenticated using (true) with check (true);
create policy "Enable all for authenticated users" on public.settings for all to authenticated using (true) with check (true);