Holistic Online Learning Institute System
https://supabase.com/dashboard/project/ntystxwkhldciewdnzqk
Run the following SQL to set up the necessary tables.
-- institutions: one row per institution.
--   id   : surrogate key, generated server-side.
--   slug : unique, required text key.
--   data : required JSONB document holding the remaining attributes.
-- NOTE(review): slug has no format or length constraint here; if it is used as
-- a subdomain label, consider a CHECK limiting it to DNS-safe characters - confirm.
CREATE TABLE institutions (
    id   UUID  PRIMARY KEY DEFAULT gen_random_uuid(),
    slug TEXT  NOT NULL UNIQUE,
    data JSONB NOT NULL
);
-- institution_members: links an auth user to an institution, at most once per
-- (institution_id, user_id) pair. Deleting the institution or the auth user
-- cascades to the membership row.
-- NOTE(review): the UPDATE policy on institutions reads data->'groups' from this
-- table to decide who is an admin, so `data` carries authorization state and
-- every write path to it needs the same care as a roles table.
CREATE TABLE institution_members (
    id             UUID  PRIMARY KEY DEFAULT gen_random_uuid(),
    institution_id UUID  NOT NULL REFERENCES institutions (id) ON DELETE CASCADE,
    user_id        UUID  NOT NULL REFERENCES auth.users (id) ON DELETE CASCADE,
    data           JSONB NOT NULL,
    UNIQUE (institution_id, user_id)
);
-- Turn on row level security for institutions; from here on, rows are reachable
-- only through the policies defined on the table.
ALTER TABLE institutions
    ENABLE ROW LEVEL SECURITY;

-- Read policy: PERMISSIVE and TO PUBLIC are the defaults, spelled out here so the
-- reach is visible. USING (true) exposes every row to every role that holds
-- SELECT on the table.
-- NOTE(review): this covers the whole `data` document, so nothing that should
-- stay private belongs in institutions.data.
CREATE POLICY "Allow public read access to institutions"
    ON institutions
    AS PERMISSIVE
    FOR SELECT
    TO PUBLIC
    USING (true);
-- Insert policy: any session in the `authenticated` role may create an
-- institution row; WITH CHECK (true) places no condition on slug or data.
-- NOTE(review): nothing in the row records who created it, so later policies
-- cannot tie an institution to its creator. Confirm that open self-service
-- creation (including claiming arbitrary slugs) is intended.
CREATE POLICY "Allow authenticated users to create institutions"
    ON institutions
    AS PERMISSIVE
    FOR INSERT
    TO authenticated
    WITH CHECK (true);
-- Update policy: a signed-in user may update an institution only when they hold
-- a membership row for it whose data->'groups' contains 'admin'.
-- No WITH CHECK is given, so PostgreSQL applies the USING expression to the
-- updated row as well.
-- NOTE(review): this check is only as strong as write control over
-- institution_members.data; a member who can set their own 'groups' value
-- passes it. It also places no limit on which columns (slug included) change.
CREATE POLICY "Admins can update their institution records"
    ON institutions
    AS PERMISSIVE
    FOR UPDATE
    TO authenticated
    USING (
        EXISTS (
            SELECT 1
            FROM institution_members AS im
            WHERE im.user_id = auth.uid()
              AND im.institution_id = institutions.id
              -- data is JSONB, so -> already yields jsonb; no cast is needed
              AND (im.data -> 'groups') ? 'admin'
        )
    );
-- Turn on row level security for institution_members.
ALTER TABLE institution_members
    ENABLE ROW LEVEL SECURITY;

-- Read policy: a caller sees only membership rows whose user_id is their own
-- auth.uid(). PERMISSIVE and TO PUBLIC are the defaults, written out explicitly.
-- Policy subqueries that read this table as the caller (such as the admin check
-- on institutions) are filtered by this policy too.
CREATE POLICY "Allow members to view their own membership"
    ON institution_members
    AS PERMISSIVE
    FOR SELECT
    TO PUBLIC
    USING (user_id = auth.uid());
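-- Insert policy: a signed-in user may create a membership row only for
-- themselves. The previous WITH CHECK (true) accepted any user_id, so one
-- account could create memberships on behalf of other users; the check now
-- matches the SELECT and UPDATE policies, which are scoped to auth.uid().
-- NOTE(review): `data` is still supplied by the caller, and the UPDATE policy on
-- institutions treats data->'groups' containing 'admin' as an admin grant, so a
-- client-written row can still claim that group. Assign groups from a trusted
-- path (for example a SECURITY DEFINER function or server-side code) instead of
-- accepting them from the inserted row.
CREATE POLICY "Enable insert for authenticated users only"
    ON institution_members
    AS PERMISSIVE
    FOR INSERT
    TO authenticated
    WITH CHECK (user_id = auth.uid());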
-- Update policy: a signed-in user may update only membership rows they own, and
-- the updated row must still carry their own user_id.
-- NOTE(review): the policy constrains user_id only. The owner can rewrite `data`
-- (including data->'groups', which the institutions UPDATE policy reads as the
-- admin grant) and can change institution_id. A row policy cannot compare old
-- and new values; protecting those fields needs a BEFORE UPDATE trigger,
-- column-level UPDATE privileges, or moving group assignment to a table that
-- clients cannot write.
CREATE POLICY "Users can update their own membership"
    ON institution_members
    AS PERMISSIVE
    FOR UPDATE
    TO authenticated
    USING (auth.uid() = user_id)
    WITH CHECK (auth.uid() = user_id);
Add the subdomain used by the institution to the inst.education domain list:
https://vercel.com/edusys/holis/settings/domains
The application supports both localhost and wildcard domains (*.holis.test). The certificate configuration is in certs/localhost.conf.
# Generate a self-signed development certificate, valid for 365 days.
# -nodes writes certs/key.pem without a passphrase: keep the key out of version
# control and do not reuse it outside local development.
openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
  -config certs/localhost.conf -extensions v3_req \
  -keyout certs/key.pem -out certs/cert.pem

# Trust the certificate as a root in the macOS login keychain.
# NOTE(review): certs/localhost.conf is not shown here; confirm its v3_req
# section does not mark the certificate as a CA, since a trusted root whose key
# sits unencrypted on disk could otherwise vouch for other hostnames.
security add-trusted-cert -r trustRoot \
  -k ~/Library/Keychains/login.keychain certs/cert.pem
If you've made changes to the certificate configuration or are experiencing SSL issues with subdomains:
- Remove the old certificate from your keychain:
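# Two separate commands: one per certificate common name to remove.
security delete-certificate -c "localhost"
security delete-certificate -c "*.holis.test"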
- Regenerate the certificate (the openssl command above).
- Trust the new certificate (the security add-trusted-cert command above).
- Restart your development server.
Add the following entries to your /etc/hosts file:
127.0.0.1 holis.test
127.0.0.1 institution-name.holis.test
Replace institution-name with your specific subdomain names as needed.
- Install dnsmasq:
brew install dnsmasq
- Configure dnsmasq to resolve *.holis.test to localhost by creating/editing /usr/local/etc/dnsmasq.conf:
address=/.holis.test/127.0.0.1
- Start or restart dnsmasq:
sudo brew services restart dnsmasq
- Configure macOS to use dnsmasq for .test domains by creating a resolver:
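# Two separate commands. Run as one line, mkdir would take `echo` and the
# nameserver string as extra directory names and tee would write an empty file.
sudo mkdir -p /etc/resolver
echo 'nameserver 127.0.0.1' | sudo tee /etc/resolver/test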