-- Create violation_responses table for homeowner QR code responses
CREATE TABLE public.violation_responses (
  id UUID NOT NULL DEFAULT gen_random_uuid() PRIMARY KEY,
  violation_id UUID NOT NULL REFERENCES public.violations(id) ON DELETE CASCADE,
  respondent_name TEXT,
  respondent_email TEXT,
  respondent_phone TEXT,
  response_text TEXT,
  date_corrected DATE,
  photo_urls JSONB DEFAULT '[]'::jsonb,
  status TEXT NOT NULL DEFAULT 'submitted',
  created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(),
  updated_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now()
);

-- Enable RLS
ALTER TABLE public.violation_responses ENABLE ROW LEVEL SECURITY;

-- Allow anyone to INSERT (public form from QR code, no auth required)
CREATE POLICY "Anyone can submit violation responses"
ON public.violation_responses
FOR INSERT
TO anon, authenticated
WITH CHECK (true);

-- Staff can view all responses
CREATE POLICY "Staff can view violation responses"
ON public.violation_responses
FOR SELECT
TO authenticated
USING (has_role(auth.uid(), 'admin'::app_role) OR has_role(auth.uid(), 'manager'::app_role));

-- Staff can update/delete responses
CREATE POLICY "Staff can manage violation responses"
ON public.violation_responses
FOR ALL
TO authenticated
USING (has_role(auth.uid(), 'admin'::app_role) OR has_role(auth.uid(), 'manager'::app_role))
WITH CHECK (has_role(auth.uid(), 'admin'::app_role) OR has_role(auth.uid(), 'manager'::app_role));

-- Allow anonymous users to read violation basic info for the response page
CREATE POLICY "Anyone can read violations for response page"
ON public.violations
FOR SELECT
TO anon
USING (true);

-- Update trigger
CREATE TRIGGER update_violation_responses_updated_at
  BEFORE UPDATE ON public.violation_responses
  FOR EACH ROW
  EXECUTE FUNCTION public.update_updated_at_column();