Add ACMCC app source, Supabase backend, and project config

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

supabase/migrations/20260323015555_6d7e3e22-986c-49e6-a47f-e0b8bc0417f5.sql

@@ -0,0 +1,91 @@
+
+-- Store Google Drive OAuth tokens for admin users
+CREATE TABLE public.google_drive_tokens (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  user_id UUID REFERENCES auth.users(id) ON DELETE CASCADE NOT NULL UNIQUE,
+  access_token TEXT NOT NULL,
+  refresh_token TEXT NOT NULL,
+  token_expires_at TIMESTAMPTZ NOT NULL,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+  updated_at TIMESTAMPTZ NOT NULL DEFAULT now()
+);
+
+ALTER TABLE public.google_drive_tokens ENABLE ROW LEVEL SECURITY;
+
+CREATE POLICY "Admins can manage their own tokens"
+  ON public.google_drive_tokens
+  FOR ALL
+  TO authenticated
+  USING (
+    user_id = auth.uid() 
+    AND (public.has_role(auth.uid(), 'admin') OR public.has_role(auth.uid(), 'manager'))
+  )
+  WITH CHECK (
+    user_id = auth.uid()
+    AND (public.has_role(auth.uid(), 'admin') OR public.has_role(auth.uid(), 'manager'))
+  );
+
+-- Track which Drive files/folders are shared and with whom
+CREATE TABLE public.shared_drive_files (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  drive_file_id TEXT NOT NULL,
+  drive_file_name TEXT NOT NULL,
+  drive_mime_type TEXT,
+  drive_icon_link TEXT,
+  drive_web_view_link TEXT,
+  is_folder BOOLEAN NOT NULL DEFAULT false,
+  shared_by UUID REFERENCES auth.users(id) ON DELETE SET NULL,
+  association_ids UUID[] DEFAULT '{}',
+  visibility TEXT[] NOT NULL DEFAULT '{admin}',
+  parent_shared_id UUID REFERENCES public.shared_drive_files(id) ON DELETE CASCADE,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+  updated_at TIMESTAMPTZ NOT NULL DEFAULT now()
+);
+
+ALTER TABLE public.shared_drive_files ENABLE ROW LEVEL SECURITY;
+
+-- Staff can manage shared files
+CREATE POLICY "Staff can manage shared drive files"
+  ON public.shared_drive_files
+  FOR ALL
+  TO authenticated
+  USING (
+    public.has_role(auth.uid(), 'admin') OR public.has_role(auth.uid(), 'manager')
+  )
+  WITH CHECK (
+    public.has_role(auth.uid(), 'admin') OR public.has_role(auth.uid(), 'manager')
+  );
+
+-- Board members and homeowners can view files shared with them
+CREATE POLICY "Users can view files shared with their role or association"
+  ON public.shared_drive_files
+  FOR SELECT
+  TO authenticated
+  USING (
+    public.has_role(auth.uid(), 'admin')
+    OR public.has_role(auth.uid(), 'manager')
+    OR (
+      'board_member' = ANY(visibility)
+      AND EXISTS (
+        SELECT 1 FROM public.board_members bm
+        WHERE bm.user_id = auth.uid()
+        AND bm.association_id = ANY(shared_drive_files.association_ids)
+      )
+    )
+    OR (
+      'homeowner' = ANY(visibility)
+      AND EXISTS (
+        SELECT 1 FROM public.owners o
+        WHERE o.user_id = auth.uid()
+        AND o.association_id = ANY(shared_drive_files.association_ids)
+      )
+    )
+  );
+
+CREATE TRIGGER update_google_drive_tokens_updated_at
+  BEFORE UPDATE ON public.google_drive_tokens
+  FOR EACH ROW EXECUTE FUNCTION public.update_updated_at_column();
+
+CREATE TRIGGER update_shared_drive_files_updated_at
+  BEFORE UPDATE ON public.shared_drive_files
+  FOR EACH ROW EXECUTE FUNCTION public.update_updated_at_column();