-- Create in_app_notifications table CREATE TABLE public.in_app_notifications ( id UUID NOT NULL DEFAULT gen_random_uuid() PRIMARY KEY, user_id UUID NOT NULL, type TEXT NOT NULL DEFAULT 'info', title TEXT NOT NULL, message TEXT, is_read BOOLEAN NOT NULL DEFAULT false, related_item_id UUID, related_item_type TEXT, link TEXT, created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now() ); -- Enable RLS ALTER TABLE public.in_app_notifications ENABLE ROW LEVEL SECURITY; -- Users can read their own notifications CREATE POLICY "Users can read own notifications" ON public.in_app_notifications FOR SELECT TO authenticated USING (user_id = auth.uid()); -- Users can update (mark as read) their own notifications CREATE POLICY "Users can update own notifications" ON public.in_app_notifications FOR UPDATE TO authenticated USING (user_id = auth.uid()) WITH CHECK (user_id = auth.uid()); -- Users can delete their own notifications CREATE POLICY "Users can delete own notifications" ON public.in_app_notifications FOR DELETE TO authenticated USING (user_id = auth.uid()); -- Admins/managers can insert notifications for any user CREATE POLICY "Staff can insert notifications" ON public.in_app_notifications FOR INSERT TO authenticated WITH CHECK (has_role(auth.uid(), 'admin'::app_role) OR has_role(auth.uid(), 'manager'::app_role) OR user_id = auth.uid()); -- Enable realtime ALTER PUBLICATION supabase_realtime ADD TABLE public.in_app_notifications; -- Add last_notified_at to reminders if not exists DO $$ BEGIN IF NOT EXISTS (SELECT 1 FROM information_schema.columns WHERE table_schema='public' AND table_name='reminders' AND column_name='last_notified_at') THEN ALTER TABLE public.reminders ADD COLUMN last_notified_at TIMESTAMP WITH TIME ZONE; END IF; IF NOT EXISTS (SELECT 1 FROM information_schema.columns WHERE table_schema='public' AND table_name='reminders' AND column_name='assigned_to') THEN ALTER TABLE public.reminders ADD COLUMN assigned_to UUID; END IF; END $$; -- Create a security definer function to insert notifications (bypasses RLS for edge functions) CREATE OR REPLACE FUNCTION public.insert_notification( p_user_id UUID, p_type TEXT, p_title TEXT, p_message TEXT DEFAULT NULL, p_related_item_id UUID DEFAULT NULL, p_related_item_type TEXT DEFAULT NULL, p_link TEXT DEFAULT NULL ) RETURNS UUID LANGUAGE plpgsql SECURITY DEFINER SET search_path = public AS $$ DECLARE v_id UUID; BEGIN INSERT INTO public.in_app_notifications (user_id, type, title, message, related_item_id, related_item_type, link) VALUES (p_user_id, p_type, p_title, p_message, p_related_item_id, p_related_item_type, p_link) RETURNING id INTO v_id; RETURN v_id; END; $$;