Storage Policies

CREATE POLICY "policy_name"
ON storage.objects
FOR SELECT | INSERT | UPDATE | DELETE
TO authenticated | public
USING (...)      -- For SELECT/UPDATE/DELETE
WITH CHECK (...); -- For INSERT/UPDATE

CREATE POLICY "Lectura pública de imágenes"
ON storage.objects
FOR SELECT
TO public
USING (
  bucket_id = 'imagenes'
);

CREATE POLICY "Administradores pueden subir imágenes de noticias"
ON storage.objects
FOR INSERT
TO authenticated
WITH CHECK (
  bucket_id = 'imagenes' 
  AND (storage.foldername(name))[1] = 'noticias'
  AND EXISTS (
    SELECT 1 FROM public.administradores
    WHERE id = auth.uid()
  )
);

CREATE POLICY "Administradores pueden actualizar imágenes de noticias"
ON storage.objects
FOR UPDATE
TO authenticated
USING (
  bucket_id = 'imagenes' 
  AND (storage.foldername(name))[1] = 'noticias'
  AND EXISTS (
    SELECT 1 FROM public.administradores
    WHERE id = auth.uid()
  )
);

CREATE POLICY "Administradores pueden eliminar imágenes de noticias"
ON storage.objects
FOR DELETE
TO authenticated
USING (
  bucket_id = 'imagenes' 
  AND (storage.foldername(name))[1] = 'noticias'
  AND EXISTS (
    SELECT 1 FROM public.administradores
    WHERE id = auth.uid()
  )
);

CREATE POLICY "Usuarios pueden subir imágenes de reportes"
ON storage.objects
FOR INSERT
TO authenticated
WITH CHECK (
  bucket_id = 'imagenes' 
  AND (storage.foldername(name))[1] = 'reportes'
  AND EXISTS (
    SELECT 1 FROM public.usuarios
    WHERE id = auth.uid()
  )
);

CREATE POLICY "Usuarios pueden eliminar sus imágenes de reportes"
ON storage.objects
FOR DELETE
TO authenticated
USING (
  bucket_id = 'imagenes' 
  AND (storage.foldername(name))[1] = 'reportes'
  AND owner = auth.uid()
);

CREATE POLICY "Administradores pueden subir imágenes de encuestas"
ON storage.objects
FOR INSERT
TO authenticated
WITH CHECK (
  bucket_id = 'imagenes' 
  AND (storage.foldername(name))[1] = 'encuestas'
  AND EXISTS (
    SELECT 1 FROM public.administradores
    WHERE id = auth.uid()
  )
);

CREATE POLICY "Administradores pueden eliminar imágenes de encuestas"
ON storage.objects
FOR DELETE
TO authenticated
USING (
  bucket_id = 'imagenes' 
  AND (storage.foldername(name))[1] = 'encuestas'
  AND EXISTS (
    SELECT 1 FROM public.administradores
    WHERE id = auth.uid()
  )
);

storage.foldername('noticias/2024/photo.jpg')
-- Returns: ['noticias', '2024']

(storage.foldername(name))[1]
-- Returns: 'noticias' (first folder)

owner = auth.uid()  -- Check if user owns the file

import { supabase } from '@/lib/supabase';

async function uploadImage(file: File, folder: 'noticias' | 'reportes' | 'encuestas') {
  const fileName = `${Date.now()}-${file.name}`;
  const filePath = `${folder}/${fileName}`;
  
  const { data, error } = await supabase.storage
    .from('imagenes')
    .upload(filePath, file, {
      cacheControl: '3600',
      upsert: false
    });
  
  if (error) {
    console.error('Error uploading:', error);
    return null;
  }
  
  // Get public URL
  const { data: { publicUrl } } = supabase.storage
    .from('imagenes')
    .getPublicUrl(filePath);
  
  return publicUrl;
}

const imageUrl = supabase.storage
  .from('imagenes')
  .getPublicUrl('noticias/photo.jpg').data.publicUrl;

// Use in <img> tag
<img :src="imageUrl" alt="News photo" />

const { error } = await supabase.storage
  .from('imagenes')
  .remove(['reportes/old-photo.jpg']);

if (error) {
  console.error('Error deleting:', error);
}

imagenes/
├── noticias/
│   ├── 2024-01-15-alcalde-reunion.jpg
│   ├── 2024-01-20-nueva-obra.jpg
│   └── ...
├── reportes/
│   ├── <uuid>-bache-calle-10.jpg
│   ├── <uuid>-alumbrado-roto.jpg
│   └── ...
└── encuestas/
    ├── encuesta-satisfaccion.jpg
    └── ...

SELECT 
  policyname,
  cmd,
  roles,
  qual,
  with_check
FROM pg_policies
WHERE tablename = 'objects' 
  AND schemaname = 'storage'
ORDER BY policyname;

function validateFile(file: File): string | null {
  const maxSize = 5 * 1024 * 1024; // 5MB
  const allowedTypes = ['image/jpeg', 'image/jpg', 'image/png', 'image/webp'];
  
  if (file.size > maxSize) {
    return 'El archivo excede 5MB';
  }
  
  if (!allowedTypes.includes(file.type)) {
    return 'Formato no permitido. Use JPG, PNG o WebP';
  }
  
  return null; // Valid
}

CREATE POLICY "Lectura pública de imágenes"
ON storage.objects FOR SELECT TO public
USING (bucket_id = 'imagenes');

import sharp from 'sharp'; // Server-side

// Resize and compress
const optimized = await sharp(file)
  .resize(1200, 1200, { fit: 'inside', withoutEnlargement: true })
  .jpeg({ quality: 85 })
  .toBuffer();

const { data, error } = await supabase.storage
  .from('imagenes')
  .upload(filePath, file, {
    cacheControl: '3600', // 1 hour cache
  });