add health benefit form

fix super admin

supabase/migrations/20250703145757_add_medreport_schema.sql

@@ -680,17 +680,17 @@ drop policy "accounts_self_update" on "public"."accounts";
 
 drop policy "create_org_account" on "public"."accounts";
 
--- drop policy "restrict_mfa_accounts" on "public"."accounts";
+drop policy "restrict_mfa_accounts" on "public"."accounts";
 
--- drop policy "super_admins_access_accounts" on "public"."accounts";
+drop policy "super_admins_access_accounts" on "public"."accounts";
 
 drop policy "accounts_memberships_delete" on "public"."accounts_memberships";
 
 drop policy "accounts_memberships_read" on "public"."accounts_memberships";
 
--- drop policy "restrict_mfa_accounts_memberships" on "public"."accounts_memberships";
+drop policy "restrict_mfa_accounts_memberships" on "public"."accounts_memberships";
 
--- drop policy "super_admins_access_accounts_memberships" on "public"."accounts_memberships";
+drop policy "super_admins_access_accounts_memberships" on "public"."accounts_memberships";
 
 drop policy "analysis_all" on "public"."analyses";
 
@@ -742,53 +742,53 @@ drop policy "invitations_read_self" on "public"."invitations";
 
 drop policy "invitations_update" on "public"."invitations";
 
--- drop policy "restrict_mfa_invitations" on "public"."invitations";
+drop policy "restrict_mfa_invitations" on "public"."invitations";
 
--- drop policy "super_admins_access_invitations" on "public"."invitations";
+drop policy "super_admins_access_invitations" on "public"."invitations";
 
 drop policy "read_all" on "public"."medreport_product_groups";
 
 drop policy "Enable read access for all users" on "public"."medreport_products_analyses_relations";
 
--- drop policy "Users can read their own nonces" on "public"."nonces";
+drop policy "Users can read their own nonces" on "public"."nonces";
 
 drop policy "notifications_read_self" on "public"."notifications";
 
 drop policy "notifications_update_self" on "public"."notifications";
 
--- drop policy "restrict_mfa_notifications" on "public"."notifications";
+drop policy "restrict_mfa_notifications" on "public"."notifications";
 
 drop policy "order_items_read_self" on "public"."order_items";
 
--- drop policy "restrict_mfa_order_items" on "public"."order_items";
+drop policy "restrict_mfa_order_items" on "public"."order_items";
 
--- drop policy "super_admins_access_order_items" on "public"."order_items";
+drop policy "super_admins_access_order_items" on "public"."order_items";
 
 drop policy "orders_read_self" on "public"."orders";
 
--- drop policy "restrict_mfa_orders" on "public"."orders";
+drop policy "restrict_mfa_orders" on "public"."orders";
 
--- drop policy "super_admins_access_orders" on "public"."orders";
+drop policy "super_admins_access_orders" on "public"."orders";
 
--- drop policy "restrict_mfa_role_permissions" on "public"."role_permissions";
+drop policy "restrict_mfa_role_permissions" on "public"."role_permissions";
 
 drop policy "role_permissions_read" on "public"."role_permissions";
 
--- drop policy "super_admins_access_role_permissions" on "public"."role_permissions";
+drop policy "super_admins_access_role_permissions" on "public"."role_permissions";
 
 drop policy "roles_read" on "public"."roles";
 
--- drop policy "restrict_mfa_subscription_items" on "public"."subscription_items";
+drop policy "restrict_mfa_subscription_items" on "public"."subscription_items";
 
 drop policy "subscription_items_read_self" on "public"."subscription_items";
 
--- drop policy "super_admins_access_subscription_items" on "public"."subscription_items";
+drop policy "super_admins_access_subscription_items" on "public"."subscription_items";
 
--- drop policy "restrict_mfa_subscriptions" on "public"."subscriptions";
+drop policy "restrict_mfa_subscriptions" on "public"."subscriptions";
 
 drop policy "subscriptions_read_self" on "public"."subscriptions";
 
--- drop policy "super_admins_access_subscriptions" on "public"."subscriptions";
+drop policy "super_admins_access_subscriptions" on "public"."subscriptions";
 
 alter table "public"."accounts" drop constraint "accounts_created_by_fkey";
 
@@ -888,7 +888,7 @@ alter table "public"."medreport_products_analyses_relations" drop constraint "pr
 
 alter table "public"."medreport_products_analyses_relations" drop constraint "product_can_be_tied_to_only_one_external_item";
 
--- alter table "public"."nonces" drop constraint "nonces_user_id_fkey";
+alter table "public"."nonces" drop constraint "nonces_user_id_fkey";
 
 alter table "public"."notifications" drop constraint "notifications_account_id_fkey";
 
@@ -956,7 +956,7 @@ alter table "public"."medreport_products_analyses_relations" drop constraint "me
 
 alter table "public"."medreport_products_external_services_relations" drop constraint "medreport_products_connected_online_services_pkey";
 
--- alter table "public"."nonces" drop constraint "nonces_pkey";
+alter table "public"."nonces" drop constraint "nonces_pkey";
 
 alter table "public"."notifications" drop constraint "notifications_pkey";
 
@@ -1876,11 +1876,12 @@ BEGIN
 END;$function$
 ;
 
-CREATE OR REPLACE FUNCTION medreport.create_team_account(account_name text)
- RETURNS medreport.accounts
- LANGUAGE plpgsql
- SET search_path TO ''
-AS $function$declare
+create
+    or replace function medreport.create_team_account (account_name text) returns medreport.accounts
+    SECURITY DEFINER
+    set
+        search_path = '' as $$
+declare
     new_account medreport.accounts;
 begin
     if (not medreport.is_set('enable_team_accounts')) then
@@ -1898,8 +1899,13 @@ begin
 
     return new_account;
 
-end;$function$
-;
+end;
+
+$$ language plpgsql;
+
+grant
+    execute on function medreport.create_team_account (text) to authenticated,
+    service_role;
 
 CREATE OR REPLACE FUNCTION medreport.get_account_invitations(account_slug text)
  RETURNS TABLE(id integer, email character varying, account_id uuid, invited_by uuid, role character varying, created_at timestamp with time zone, updated_at timestamp with time zone, expires_at timestamp with time zone, inviter_name character varying, inviter_email character varying)
@@ -3893,29 +3899,43 @@ to authenticated
 using ((account_id = auth.uid()));
 
 
-create policy "accounts_read"
-on "medreport"."accounts"
-as permissive
-for select
-to authenticated
-using (((( SELECT auth.uid() AS uid) = primary_owner_user_id) OR medreport.has_role_on_account(id) OR medreport.is_account_team_member(id)));
+create policy accounts_read on medreport.accounts for
+    select
+    to authenticated using (
+        (
+                (
+                    select
+                        auth.uid ()
+                ) = primary_owner_user_id
+            )
+        or medreport.has_role_on_account (id)
+        or medreport.is_account_team_member (id)
+    );
 
 
-create policy "accounts_self_update"
-on "medreport"."accounts"
-as permissive
-for update
-to authenticated
-using ((( SELECT auth.uid() AS uid) = primary_owner_user_id))
-with check ((( SELECT auth.uid() AS uid) = primary_owner_user_id));
+create policy accounts_self_update on medreport.accounts
+    for update
+    to authenticated using (
+        (
+            select
+                auth.uid ()
+        ) = primary_owner_user_id
+    )
+    with
+    check (
+        (
+            select
+                auth.uid ()
+        ) = primary_owner_user_id
+    );
 
 
-create policy "create_org_account"
-on "medreport"."accounts"
-as permissive
-for insert
-to authenticated
-with check ((medreport.is_set('enable_team_accounts'::text) AND (is_personal_account = false)));
+create policy create_org_account on medreport.accounts for insert to authenticated
+    with
+    check (
+        medreport.is_set ('enable_team_accounts')
+        and is_personal_account = false
+    );
 
 
 create policy "restrict_mfa_accounts"
@@ -5160,47 +5180,47 @@ revoke truncate on table "public"."medreport_products_external_services_relation
 
 revoke update on table "public"."medreport_products_external_services_relations" from "service_role";
 
--- revoke delete on table "public"."nonces" from "anon";
+revoke delete on table "public"."nonces" from "anon";
 
--- revoke insert on table "public"."nonces" from "anon";
+revoke insert on table "public"."nonces" from "anon";
 
--- revoke references on table "public"."nonces" from "anon";
+revoke references on table "public"."nonces" from "anon";
 
--- revoke select on table "public"."nonces" from "anon";
+revoke select on table "public"."nonces" from "anon";
 
--- revoke trigger on table "public"."nonces" from "anon";
+revoke trigger on table "public"."nonces" from "anon";
 
--- revoke truncate on table "public"."nonces" from "anon";
+revoke truncate on table "public"."nonces" from "anon";
 
--- revoke update on table "public"."nonces" from "anon";
+revoke update on table "public"."nonces" from "anon";
 
--- revoke delete on table "public"."nonces" from "authenticated";
+revoke delete on table "public"."nonces" from "authenticated";
 
--- revoke insert on table "public"."nonces" from "authenticated";
+revoke insert on table "public"."nonces" from "authenticated";
 
--- revoke references on table "public"."nonces" from "authenticated";
+revoke references on table "public"."nonces" from "authenticated";
 
--- revoke select on table "public"."nonces" from "authenticated";
+revoke select on table "public"."nonces" from "authenticated";
 
--- revoke trigger on table "public"."nonces" from "authenticated";
+revoke trigger on table "public"."nonces" from "authenticated";
 
--- revoke truncate on table "public"."nonces" from "authenticated";
+revoke truncate on table "public"."nonces" from "authenticated";
 
--- revoke update on table "public"."nonces" from "authenticated";
+revoke update on table "public"."nonces" from "authenticated";
 
--- revoke delete on table "public"."nonces" from "service_role";
+revoke delete on table "public"."nonces" from "service_role";
 
--- revoke insert on table "public"."nonces" from "service_role";
+revoke insert on table "public"."nonces" from "service_role";
 
--- revoke references on table "public"."nonces" from "service_role";
+revoke references on table "public"."nonces" from "service_role";
 
--- revoke select on table "public"."nonces" from "service_role";
+revoke select on table "public"."nonces" from "service_role";
 
--- revoke trigger on table "public"."nonces" from "service_role";
+revoke trigger on table "public"."nonces" from "service_role";
 
--- revoke truncate on table "public"."nonces" from "service_role";
+revoke truncate on table "public"."nonces" from "service_role";
 
--- revoke update on table "public"."nonces" from "service_role";
+revoke update on table "public"."nonces" from "service_role";
 
 revoke delete on table "public"."notifications" from "anon";
 
@@ -5410,7 +5430,7 @@ drop table "public"."medreport_products_analyses_relations";
 
 drop table "public"."medreport_products_external_services_relations";
 
--- drop table "public"."nonces";
+drop table "public"."nonces";
 
 drop table "public"."notifications";