TeamVis Self-Host-Bundle v0.31.0

2026-06-25 19:54:40 +02:00
commit 6335367369
68 changed files with 3765 additions and 0 deletions
@@ -0,0 +1,18 @@
+-- Row-Level-Security für öffentliche Reads auf employees
+-- Die App benutzt den anon-Key für öffentliche /[slug]- und /api/vcard-Routes.
+-- Der service_role-Key (Admin-Pfade) umgeht RLS automatisch.
+
+alter table public.employees enable row level security;
+
+drop policy if exists "public_read_active_employees" on public.employees;
+create policy "public_read_active_employees"
+  on public.employees
+  for select
+  to anon
+  using (active = true);
+
+-- admin_users darf von anon gar nicht gelesen werden.
+alter table public.admin_users enable row level security;
+
+drop policy if exists "no_anon_access_admin_users" on public.admin_users;
+-- absichtlich KEINE Policy für anon → Default deny.