pguerrerox
f5e7e966e3
- add migrations for owner/member workspace roles and application admins - centralize /admin access checks with DB-backed admin resolution - audit admin analytics/billing route access - update account/admin UI typing and env/docs for ADMIN_EMAILS fallback behavior
34 lines
1.6 KiB
SQL
34 lines
1.6 KiB
SQL
create table if not exists public.application_admins (
|
|
id uuid primary key default gen_random_uuid(),
|
|
email text not null,
|
|
email_normalized text not null,
|
|
status text not null default 'active' check (status in ('active', 'disabled')),
|
|
permissions_json jsonb not null default '[]'::jsonb,
|
|
created_by_user_id uuid references public.users (id) on delete set null,
|
|
created_at timestamptz not null default now(),
|
|
updated_at timestamptz not null default now()
|
|
);
|
|
|
|
create unique index if not exists application_admins_email_normalized_idx on public.application_admins (email_normalized);
|
|
|
|
drop trigger if exists set_application_admins_updated_at on public.application_admins;
|
|
create trigger set_application_admins_updated_at
|
|
before update on public.application_admins
|
|
for each row
|
|
execute function public.set_updated_at();
|
|
|
|
create table if not exists public.admin_access_audit (
|
|
id uuid primary key default gen_random_uuid(),
|
|
actor_user_id uuid references public.users (id) on delete set null,
|
|
actor_email text,
|
|
route text not null,
|
|
action text not null,
|
|
target_workspace_id uuid references public.workspaces (id) on delete set null,
|
|
metadata_json jsonb not null default '{}'::jsonb,
|
|
occurred_at timestamptz not null default now()
|
|
);
|
|
|
|
create index if not exists admin_access_audit_occurred_at_idx on public.admin_access_audit (occurred_at desc);
|
|
create index if not exists admin_access_audit_actor_user_id_idx on public.admin_access_audit (actor_user_id);
|
|
create index if not exists admin_access_audit_target_workspace_id_idx on public.admin_access_audit (target_workspace_id);
|