-- ============================================
-- STORAGE SERVICE ROLE POLICIES
-- Allow service_role to perform all operations on avatars bucket
-- This fixes RLS issues when using supabaseAdmin for storage operations
-- ============================================

-- First, drop any existing service role policies (in case they exist with different names)
DROP POLICY IF EXISTS "Service role can insert avatars" ON storage.objects;
DROP POLICY IF EXISTS "Service role can update avatars" ON storage.objects;
DROP POLICY IF EXISTS "Service role can delete avatars" ON storage.objects;
DROP POLICY IF EXISTS "Service role can read avatars" ON storage.objects;
DROP POLICY IF EXISTS "service_role_insert_avatars" ON storage.objects;
DROP POLICY IF EXISTS "service_role_update_avatars" ON storage.objects;
DROP POLICY IF EXISTS "service_role_delete_avatars" ON storage.objects;
DROP POLICY IF EXISTS "service_role_select_avatars" ON storage.objects;

-- Service role INSERT policy for avatars
CREATE POLICY "service_role_insert_avatars" ON storage.objects
FOR INSERT TO service_role
WITH CHECK (bucket_id = 'avatars');

-- Service role UPDATE policy for avatars
CREATE POLICY "service_role_update_avatars" ON storage.objects
FOR UPDATE TO service_role
USING (bucket_id = 'avatars');

-- Service role DELETE policy for avatars
CREATE POLICY "service_role_delete_avatars" ON storage.objects
FOR DELETE TO service_role
USING (bucket_id = 'avatars');

-- Service role SELECT policy for avatars
CREATE POLICY "service_role_select_avatars" ON storage.objects
FOR SELECT TO service_role
USING (bucket_id = 'avatars');

-- Also add service_role policies for documents bucket
DROP POLICY IF EXISTS "service_role_insert_documents" ON storage.objects;
DROP POLICY IF EXISTS "service_role_update_documents" ON storage.objects;
DROP POLICY IF EXISTS "service_role_delete_documents" ON storage.objects;
DROP POLICY IF EXISTS "service_role_select_documents" ON storage.objects;

CREATE POLICY "service_role_insert_documents" ON storage.objects
FOR INSERT TO service_role
WITH CHECK (bucket_id = 'documents');

CREATE POLICY "service_role_update_documents" ON storage.objects
FOR UPDATE TO service_role
USING (bucket_id = 'documents');

CREATE POLICY "service_role_delete_documents" ON storage.objects
FOR DELETE TO service_role
USING (bucket_id = 'documents');

CREATE POLICY "service_role_select_documents" ON storage.objects
FOR SELECT TO service_role
USING (bucket_id = 'documents');

-- Also add service_role policies for event-images bucket
DROP POLICY IF EXISTS "service_role_insert_event_images" ON storage.objects;
DROP POLICY IF EXISTS "service_role_update_event_images" ON storage.objects;
DROP POLICY IF EXISTS "service_role_delete_event_images" ON storage.objects;
DROP POLICY IF EXISTS "service_role_select_event_images" ON storage.objects;

CREATE POLICY "service_role_insert_event_images" ON storage.objects
FOR INSERT TO service_role
WITH CHECK (bucket_id = 'event-images');

CREATE POLICY "service_role_update_event_images" ON storage.objects
FOR UPDATE TO service_role
USING (bucket_id = 'event-images');

CREATE POLICY "service_role_delete_event_images" ON storage.objects
FOR DELETE TO service_role
USING (bucket_id = 'event-images');

CREATE POLICY "service_role_select_event_images" ON storage.objects
FOR SELECT TO service_role
USING (bucket_id = 'event-images');