story-generator/supabase/contexts/policies.md

policy_id	schema_name	table_name	policy_name	command	policy_using	policy_check
29823	auth	users	Validate user metadata	*	(((raw_user_meta_data ->> 'role'::text))::user_role IS NOT NULL)	null
29615	public	classes	Schools can create classes	a	null	(school_id = auth.uid())
29616	public	classes	Schools can update their classes	w	(school_id = auth.uid())	(school_id = auth.uid())
29614	public	classes	Schools can view their classes	r	(school_id = auth.uid())	null
29301	public	classes	Turmas visíveis para usuários autenticados	r	true	null
65878	public	interests	Students can delete their own interests	d	(auth.uid() = student_id)	null
65876	public	interests	Students can insert their own interests	a	null	(auth.uid() = student_id)
65877	public	interests	Students can update their own interests	w	(auth.uid() = student_id)	(auth.uid() = student_id)
65875	public	interests	Students can view their own interests	r	(auth.uid() = student_id)	null
104599	public	languages	Allow insert/update for admins only	*	((auth.jwt() ->> 'role'::text) = 'admin'::text)	((auth.jwt() ->> 'role'::text) = 'admin'::text)
104598	public	languages	Allow read access for all authenticated users	r	true	null
79931	public	phonics_categories	Permitir leitura de categorias fonéticas para usuários autent	r	true	null
79932	public	phonics_exercise_types	Permitir leitura de tipos de exercícios fonéticos para usuár	r	true	null
79934	public	phonics_exercise_words	Permitir leitura de relações exercício-palavra para usuário	r	true	null
79930	public	phonics_exercises	Permitir leitura de exercícios fonéticos para usuários auten	r	true	null
79933	public	phonics_words	Permitir leitura de palavras fonéticas para usuários autentic	r	true	null
29440	public	schools	Enable insert for registration	a	null	true
29299	public	schools	Escolas visíveis para usuários autenticados	r	true	null
29442	public	schools	Schools can update own data	w	(auth.uid() = id)	(auth.uid() = id)
29441	public	schools	Schools can view own data	r	(auth.uid() = id)	null
29347	public	stories	Alunos podem atualizar suas próprias histórias	w	(student_id IN ( SELECT students.id
FROM students
WHERE (students.email = auth.email())))	null
29346	public	stories	Alunos podem criar suas próprias histórias	a	null	(student_id IN ( SELECT students.id
FROM students
WHERE (students.email = auth.email())))
36241	public	stories	Estudantes podem ver suas próprias histórias	r	((auth.uid() = student_id) AND (EXISTS ( SELECT 1
FROM story_themes
WHERE ((story_themes.id = stories.theme_id) AND (story_themes.active = true)))) AND (EXISTS ( SELECT 1
FROM story_subjects
WHERE ((story_subjects.id = stories.subject_id) AND (story_subjects.active = true)))) AND (EXISTS ( SELECT 1
FROM story_characters
WHERE ((story_characters.id = stories.character_id) AND (story_characters.active = true)))) AND (EXISTS ( SELECT 1
FROM story_settings
WHERE ((story_settings.id = stories.setting_id) AND (story_settings.active = true)))))	null
29345	public	stories	Histórias visíveis para usuários autenticados	r	true	null
53384	public	stories	Permitir deleção pelo dono	d	(auth.uid() = student_id)	null
34952	public	story_characters	Permitir leitura pública dos personagens	r	(active = true)	null
53955	public	story_exercise_words	Apenas sistema pode inserir	a	null	(auth.role() = 'service_role'::text)
53954	public	story_exercise_words	Leitura pública das palavras	r	true	null
37664	public	story_generations	Apenas service_role pode inserir metadados	a	null	true
37663	public	story_generations	Metadados são visíveis para todos	r	true	null
37662	public	story_pages	Apenas service_role pode inserir páginas	a	null	true
37661	public	story_pages	Páginas são visíveis para todos	r	true	null
31560	public	story_recordings	Escolas podem ver todas as gravações	r	(EXISTS ( SELECT 1
FROM students s
WHERE ((s.id = story_recordings.student_id) AND (s.school_id = auth.uid()))))	null
30092	public	story_recordings	Estudantes podem gravar áudios	a	null	(auth.uid() = student_id)
31511	public	story_recordings	Estudantes podem ver suas próprias gravações	r	(auth.uid() = student_id)	null
31558	public	story_recordings	Professores podem ver gravações de seus alunos	r	(EXISTS ( SELECT 1
FROM (classes c
JOIN students s ON ((s.class_id = c.id)))
WHERE ((s.id = story_recordings.student_id) AND (c.teacher_id = auth.uid()))))	null
29748	public	story_recordings	Students can insert their own recordings	a	null	(auth.uid() = student_id)
29749	public	story_recordings	Students can view their own recordings	r	(auth.uid() = student_id)	null
34953	public	story_settings	Permitir leitura pública dos cenários	r	(active = true)	null
34951	public	story_subjects	Permitir leitura pública das disciplinas	r	(active = true)	null
34950	public	story_themes	Permitir leitura pública das categorias	r	(active = true)	null
29302	public	students	Alunos visíveis para usuários autenticados	r	true	null
29638	public	students	Escolas podem inserir seus próprios alunos	a	null	(auth.uid() IN ( SELECT schools.id
FROM schools
WHERE (schools.id = students.school_id)))
29639	public	students	Escolas podem ver seus próprios alunos	r	(auth.uid() IN ( SELECT schools.id
FROM schools
WHERE (schools.id = students.school_id)))	null
29584	public	students	Schools can view their students	r	(school_id = auth.uid())	null
29511	public	teacher_invites	Schools can invite teachers	a	null	(school_id IN ( SELECT schools.id
FROM schools
WHERE (schools.id = auth.uid())))
29300	public	teachers	Professores visíveis para usuários autenticados	r	true	null
29510	public	teachers	Schools can view their teachers	r	(school_id IN ( SELECT schools.id
FROM schools
WHERE (schools.id = auth.uid())))	null
29509	public	teachers	Teachers can view own data	r	(auth.uid() = id)	null
29717	storage	objects	Anyone can read recordings	r	(bucket_id = 'recordings'::text)	null
30136	storage	objects	Estudantes podem fazer upload de áudios	a	null	((bucket_id = 'recordings'::text) AND ((auth.uid())::text = (storage.foldername(name))[1]))
75352	storage	objects	Imagens são publicamente acessíveis	r	(bucket_id = 'story-images'::text)	null
43940	storage	objects	Permitir acesso da Edge Function	r	((bucket_id = 'recordings'::text) AND ((auth.jwt() ->> 'role'::text) = 'service_role'::text))	null
52098	storage	objects	Permitir acesso público para leitura	r	(bucket_id = 'recordings'::text)	null
37570	storage	objects	Permitir acesso público para leitura de imagens de histórias	r	(bucket_id = 'story-images'::text)	null
37573	storage	objects	Permitir delete pela edge function	d	(bucket_id = 'story-images'::text)	null
53468	storage	objects	Permitir deleção de imagens pelo dono da história	d	((bucket_id = 'story-images'::text) AND (EXISTS ( SELECT 1
FROM stories s
WHERE ((s.id = ((storage.foldername(objects.name))[1])::uuid) AND (s.student_id = auth.uid())))))	null
53426	storage	objects	Permitir deleção pelo dono do arquivo	d	((bucket_id = 'recordings'::text) AND ((storage.foldername(name))[1] = (auth.uid())::text))	null
52099	storage	objects	Permitir download público	r	(bucket_id = 'recordings'::text)	null
37572	storage	objects	Permitir update pela edge function	w	(bucket_id = 'story-images'::text)	null
43939	storage	objects	Permitir upload de áudios autenticado	a	null	((bucket_id = 'recordings'::text) AND (auth.role() = 'authenticated'::text))
37571	storage	objects	Permitir upload pela edge function	a	null	(bucket_id = 'story-images'::text)
29716	storage	objects	Students can upload their recordings	a	null	((bucket_id = 'recordings'::text) AND (auth.role() = 'student'::text))
74045	storage	objects	Áudios públicos	r	(bucket_id = 'phonics-audio'::text)	null