248 lines
9.0 KiB
PL/PgSQL
248 lines
9.0 KiB
PL/PgSQL
-- Schéma sécurisé pour l'application "Mes Budgets Participatifs"
|
|
|
|
-- Table des utilisateurs administrateurs (extension de auth.users)
|
|
CREATE TABLE admin_users (
|
|
id UUID REFERENCES auth.users(id) ON DELETE CASCADE PRIMARY KEY,
|
|
email TEXT NOT NULL,
|
|
role TEXT NOT NULL DEFAULT 'admin' CHECK (role IN ('admin', 'super_admin')),
|
|
created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
|
|
updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
|
|
);
|
|
|
|
-- Table des campagnes
|
|
CREATE TABLE campaigns (
|
|
id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
|
|
title TEXT NOT NULL,
|
|
description TEXT NOT NULL,
|
|
status TEXT NOT NULL CHECK (status IN ('deposit', 'voting', 'closed')) DEFAULT 'deposit',
|
|
budget_per_user INTEGER NOT NULL CHECK (budget_per_user > 0),
|
|
spending_tiers TEXT NOT NULL, -- Montants séparés par des virgules (ex: "10,25,50,100")
|
|
created_by UUID REFERENCES admin_users(id),
|
|
created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
|
|
updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
|
|
);
|
|
|
|
-- Table des propositions
|
|
CREATE TABLE propositions (
|
|
id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
|
|
campaign_id UUID NOT NULL REFERENCES campaigns(id) ON DELETE CASCADE,
|
|
title TEXT NOT NULL,
|
|
description TEXT NOT NULL,
|
|
author_first_name TEXT NOT NULL,
|
|
author_last_name TEXT NOT NULL,
|
|
author_email TEXT NOT NULL,
|
|
created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
|
|
);
|
|
|
|
-- Table des participants
|
|
CREATE TABLE participants (
|
|
id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
|
|
campaign_id UUID NOT NULL REFERENCES campaigns(id) ON DELETE CASCADE,
|
|
first_name TEXT NOT NULL,
|
|
last_name TEXT NOT NULL,
|
|
email TEXT NOT NULL,
|
|
created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
|
|
);
|
|
|
|
-- Table des votes
|
|
CREATE TABLE votes (
|
|
id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
|
|
campaign_id UUID NOT NULL REFERENCES campaigns(id) ON DELETE CASCADE,
|
|
participant_id UUID NOT NULL REFERENCES participants(id) ON DELETE CASCADE,
|
|
proposition_id UUID NOT NULL REFERENCES propositions(id) ON DELETE CASCADE,
|
|
amount INTEGER NOT NULL CHECK (amount > 0),
|
|
created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
|
|
updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
|
|
UNIQUE(participant_id, proposition_id) -- Un seul vote par participant par proposition
|
|
);
|
|
|
|
-- Table des paramètres de l'application
|
|
CREATE TABLE settings (
|
|
id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
|
|
key TEXT NOT NULL UNIQUE,
|
|
value TEXT NOT NULL,
|
|
category TEXT NOT NULL,
|
|
description TEXT,
|
|
created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
|
|
updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
|
|
);
|
|
|
|
-- Index pour améliorer les performances
|
|
CREATE INDEX idx_propositions_campaign_id ON propositions(campaign_id);
|
|
CREATE INDEX idx_participants_campaign_id ON participants(campaign_id);
|
|
CREATE INDEX idx_campaigns_status ON campaigns(status);
|
|
CREATE INDEX idx_campaigns_created_at ON campaigns(created_at DESC);
|
|
CREATE INDEX idx_votes_campaign_participant ON votes(campaign_id, participant_id);
|
|
CREATE INDEX idx_votes_proposition ON votes(proposition_id);
|
|
CREATE INDEX idx_admin_users_email ON admin_users(email);
|
|
|
|
-- Trigger pour mettre à jour updated_at automatiquement
|
|
CREATE OR REPLACE FUNCTION update_updated_at_column()
|
|
RETURNS TRIGGER AS $$
|
|
BEGIN
|
|
NEW.updated_at = NOW();
|
|
RETURN NEW;
|
|
END;
|
|
$$ language 'plpgsql';
|
|
|
|
CREATE TRIGGER update_campaigns_updated_at
|
|
BEFORE UPDATE ON campaigns
|
|
FOR EACH ROW
|
|
EXECUTE FUNCTION update_updated_at_column();
|
|
|
|
CREATE TRIGGER update_votes_updated_at BEFORE UPDATE ON votes
|
|
FOR EACH ROW EXECUTE FUNCTION update_updated_at_column();
|
|
|
|
CREATE TRIGGER update_settings_updated_at BEFORE UPDATE ON settings
|
|
FOR EACH ROW EXECUTE FUNCTION update_updated_at_column();
|
|
|
|
CREATE TRIGGER update_admin_users_updated_at BEFORE UPDATE ON admin_users
|
|
FOR EACH ROW EXECUTE FUNCTION update_updated_at_column();
|
|
|
|
-- Activer RLS sur toutes les tables
|
|
ALTER TABLE admin_users ENABLE ROW LEVEL SECURITY;
|
|
ALTER TABLE campaigns ENABLE ROW LEVEL SECURITY;
|
|
ALTER TABLE propositions ENABLE ROW LEVEL SECURITY;
|
|
ALTER TABLE participants ENABLE ROW LEVEL SECURITY;
|
|
ALTER TABLE votes ENABLE ROW LEVEL SECURITY;
|
|
ALTER TABLE settings ENABLE ROW LEVEL SECURITY;
|
|
|
|
-- ========================================
|
|
-- POLITIQUES RLS SÉCURISÉES
|
|
-- ========================================
|
|
|
|
-- Fonction helper pour vérifier si l'utilisateur est admin
|
|
CREATE OR REPLACE FUNCTION is_admin()
|
|
RETURNS BOOLEAN AS $$
|
|
BEGIN
|
|
RETURN EXISTS (
|
|
SELECT 1 FROM admin_users
|
|
WHERE id = auth.uid()
|
|
);
|
|
END;
|
|
$$ LANGUAGE plpgsql SECURITY DEFINER;
|
|
|
|
-- Fonction helper pour vérifier si l'utilisateur est super admin
|
|
CREATE OR REPLACE FUNCTION is_super_admin()
|
|
RETURNS BOOLEAN AS $$
|
|
BEGIN
|
|
RETURN EXISTS (
|
|
SELECT 1 FROM admin_users
|
|
WHERE id = auth.uid() AND role = 'super_admin'
|
|
);
|
|
END;
|
|
$$ LANGUAGE plpgsql SECURITY DEFINER;
|
|
|
|
-- ========================================
|
|
-- POLITIQUES POUR admin_users
|
|
-- ========================================
|
|
-- Seuls les admins peuvent voir la liste des autres admins
|
|
CREATE POLICY "Admins can view admin users" ON admin_users
|
|
FOR SELECT USING (is_admin());
|
|
|
|
-- Seuls les super admins peuvent gérer les autres admins
|
|
CREATE POLICY "Super admins can manage admin users" ON admin_users
|
|
FOR ALL USING (is_super_admin());
|
|
|
|
-- ========================================
|
|
-- POLITIQUES POUR campaigns
|
|
-- ========================================
|
|
-- Lecture publique des campagnes (pour les pages publiques)
|
|
CREATE POLICY "Public read access to campaigns" ON campaigns
|
|
FOR SELECT USING (true);
|
|
|
|
-- Seuls les admins peuvent créer/modifier/supprimer des campagnes
|
|
CREATE POLICY "Admins can manage campaigns" ON campaigns
|
|
FOR ALL USING (is_admin());
|
|
|
|
-- ========================================
|
|
-- POLITIQUES POUR propositions
|
|
-- ========================================
|
|
-- Lecture publique des propositions (pour les pages publiques)
|
|
CREATE POLICY "Public read access to propositions" ON propositions
|
|
FOR SELECT USING (true);
|
|
|
|
-- Insertion publique des propositions (pour le dépôt public)
|
|
CREATE POLICY "Public insert access to propositions" ON propositions
|
|
FOR INSERT WITH CHECK (true);
|
|
|
|
-- Seuls les admins peuvent modifier/supprimer des propositions
|
|
CREATE POLICY "Admins can update propositions" ON propositions
|
|
FOR UPDATE USING (is_admin());
|
|
|
|
CREATE POLICY "Admins can delete propositions" ON propositions
|
|
FOR DELETE USING (is_admin());
|
|
|
|
-- ========================================
|
|
-- POLITIQUES POUR participants
|
|
-- ========================================
|
|
-- Lecture publique des participants (pour les pages de vote)
|
|
CREATE POLICY "Public read access to participants" ON participants
|
|
FOR SELECT USING (true);
|
|
|
|
-- Seuls les admins peuvent créer/modifier/supprimer des participants
|
|
CREATE POLICY "Admins can manage participants" ON participants
|
|
FOR ALL USING (is_admin());
|
|
|
|
-- ========================================
|
|
-- POLITIQUES POUR votes
|
|
-- ========================================
|
|
-- Lecture publique des votes (pour les statistiques)
|
|
CREATE POLICY "Public read access to votes" ON votes
|
|
FOR SELECT USING (true);
|
|
|
|
-- Insertion publique des votes (pour le vote public)
|
|
CREATE POLICY "Public insert access to votes" ON votes
|
|
FOR INSERT WITH CHECK (true);
|
|
|
|
-- Mise à jour publique des votes (pour modifier les votes)
|
|
CREATE POLICY "Public update access to votes" ON votes
|
|
FOR UPDATE USING (true);
|
|
|
|
-- Seuls les admins peuvent supprimer des votes
|
|
CREATE POLICY "Admins can delete votes" ON votes
|
|
FOR DELETE USING (is_admin());
|
|
|
|
-- ========================================
|
|
-- POLITIQUES POUR settings
|
|
-- ========================================
|
|
-- Lecture publique des paramètres (pour les fonctionnalités publiques)
|
|
CREATE POLICY "Public read access to settings" ON settings
|
|
FOR SELECT USING (true);
|
|
|
|
-- Seuls les admins peuvent gérer les paramètres
|
|
CREATE POLICY "Admins can manage settings" ON settings
|
|
FOR ALL USING (is_admin());
|
|
|
|
-- ========================================
|
|
-- DONNÉES D'EXEMPLE
|
|
-- ========================================
|
|
|
|
-- Paramètres par défaut
|
|
INSERT INTO settings (key, value, category, description) VALUES
|
|
('randomize_propositions', 'true', 'display', 'Afficher les propositions dans un ordre aléatoire lors du vote');
|
|
|
|
-- ========================================
|
|
-- FONCTIONS UTILITAIRES
|
|
-- ========================================
|
|
|
|
|
|
|
|
-- Fonction pour obtenir les statistiques d'une campagne (publique)
|
|
CREATE OR REPLACE FUNCTION get_campaign_stats(campaign_uuid UUID)
|
|
RETURNS TABLE(
|
|
total_propositions BIGINT,
|
|
total_participants BIGINT,
|
|
total_votes BIGINT,
|
|
total_budget_voted BIGINT
|
|
) AS $$
|
|
BEGIN
|
|
RETURN QUERY
|
|
SELECT
|
|
(SELECT COUNT(*) FROM propositions WHERE campaign_id = campaign_uuid) as total_propositions,
|
|
(SELECT COUNT(*) FROM participants WHERE campaign_id = campaign_uuid) as total_participants,
|
|
(SELECT COUNT(*) FROM votes WHERE campaign_id = campaign_uuid) as total_votes,
|
|
(SELECT COALESCE(SUM(amount), 0) FROM votes WHERE campaign_id = campaign_uuid) as total_budget_voted;
|
|
END;
|
|
$$ LANGUAGE plpgsql SECURITY DEFINER;
|