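-- Stripe account mappings per association.
-- One row per association and per Stripe account (both UNIQUE below).
-- NOTE(review): the Stripe secret key is stored in the same table as the
-- publishable key; presumably only server-side code needs it — confirm.
CREATE TABLE public.stripe_account_mappings (
    id UUID NOT NULL DEFAULT gen_random_uuid() PRIMARY KEY,
    association_id UUID NOT NULL REFERENCES public.associations(id) ON DELETE CASCADE,
    stripe_account_id TEXT NOT NULL,
    stripe_public_key TEXT NOT NULL,
    -- Secret material: SELECT on this column is withheld from the
    -- authenticated role below (row policies alone cannot hide a column).
    stripe_secret_key TEXT,
    is_active BOOLEAN NOT NULL DEFAULT true,
    pass_processing_fee BOOLEAN NOT NULL DEFAULT false,
    -- Rate stored as a fraction (0.029 = 2.9%) despite the _percent suffix — TODO confirm with callers.
    processing_fee_percent NUMERIC(5,4) NOT NULL DEFAULT 0.029,
    -- Fixed fee component, in cents.
    processing_fee_fixed_cents INTEGER NOT NULL DEFAULT 30,
    created_by UUID,
    created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(),
    updated_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(),
    -- Names match what Postgres would generate for the unnamed form,
    -- but are now explicit and greppable in errors and later migrations.
    CONSTRAINT stripe_account_mappings_association_id_key UNIQUE (association_id),
    CONSTRAINT stripe_account_mappings_stripe_account_id_key UNIQUE (stripe_account_id)
);

-- Enable RLS
ALTER TABLE public.stripe_account_mappings ENABLE ROW LEVEL SECURITY;

-- Row-level security filters rows, not columns: the homeowner SELECT policy
-- below would otherwise let every authenticated user read stripe_secret_key of
-- any active mapping. Withhold SELECT on that one column at the privilege
-- level and keep every other column readable (still subject to the policies).
-- Staff can still insert/update the key; reading it back is reserved for
-- server-side roles. Clients must list columns explicitly — a `SELECT *`
-- by the authenticated role is denied once a column is excluded.
REVOKE SELECT ON public.stripe_account_mappings FROM authenticated;
GRANT SELECT (
    id,
    association_id,
    stripe_account_id,
    stripe_public_key,
    is_active,
    pass_processing_fee,
    processing_fee_percent,
    processing_fee_fixed_cents,
    created_by,
    created_at,
    updated_at
) ON public.stripe_account_mappings TO authenticated;

-- Admin/manager full access
CREATE POLICY "Staff can manage stripe mappings"
    ON public.stripe_account_mappings
    FOR ALL
    TO authenticated
    USING (has_role(auth.uid(), 'admin') OR has_role(auth.uid(), 'manager'))
    WITH CHECK (has_role(auth.uid(), 'admin') OR has_role(auth.uid(), 'manager'));

-- Homeowners can read active mappings (to get public key for their association)
-- NOTE(review): not scoped to the caller's association — any authenticated user
-- can read every active association's account id and publishable key. No
-- owner→association link is visible in this file; scope the USING clause once
-- that relationship is known.
CREATE POLICY "Homeowners can read active stripe mappings"
    ON public.stripe_account_mappings
    FOR SELECT
    TO authenticated
    USING (is_active = true);

-- Stripe payment records.
-- owner_id / unit_id are optional and detach (SET NULL) when the referenced
-- row is deleted; the payment stays attached to its association.
CREATE TABLE public.stripe_payments (
    id UUID NOT NULL DEFAULT gen_random_uuid() PRIMARY KEY,
    association_id UUID NOT NULL REFERENCES public.associations(id) ON DELETE CASCADE,
    owner_id UUID REFERENCES public.owners(id) ON DELETE SET NULL,
    unit_id UUID REFERENCES public.units(id) ON DELETE SET NULL,
    -- Nullable and not unique: nothing here prevents two rows for the same
    -- intent — NOTE(review): confirm whether one-row-per-intent is intended.
    stripe_payment_intent_id TEXT,
    -- All money columns are in cents.
    amount_cents INTEGER NOT NULL,
    fee_cents INTEGER NOT NULL DEFAULT 0,
    total_cents INTEGER NOT NULL,
    payment_method_type TEXT NOT NULL DEFAULT 'card',
    -- Free-form lifecycle state; only the default value is visible in this file.
    status TEXT NOT NULL DEFAULT 'pending',
    description TEXT,
    created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(),
    updated_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now()
);

ALTER TABLE public.stripe_payments ENABLE ROW LEVEL SECURITY;

-- Staff full access
CREATE POLICY "Staff can manage stripe payments"
    ON public.stripe_payments
    FOR ALL
    TO authenticated
    USING (
        has_role(auth.uid(), 'admin')
        OR has_role(auth.uid(), 'manager')
        OR has_role(auth.uid(), 'employee')
        OR has_role(auth.uid(), 'staff')
    )
    WITH CHECK (
        has_role(auth.uid(), 'admin')
        OR has_role(auth.uid(), 'manager')
        OR has_role(auth.uid(), 'employee')
        OR has_role(auth.uid(), 'staff')
    );

-- Homeowners can see their own payments
CREATE POLICY "Homeowners can view own stripe payments"
    ON public.stripe_payments
    FOR SELECT
    TO authenticated
    USING (
        owner_id IN (
            SELECT o.id
            FROM public.owners o
            WHERE o.user_id = auth.uid()
        )
    );

-- Homeowners can insert their own payments
-- NOTE(review): WITH CHECK only ties owner_id to the caller; association_id,
-- amount_cents, fee_cents, total_cents and status are client-supplied and
-- unconstrained here. No homeowner UPDATE policy exists, so later state
-- changes must come from staff or a server-side role — confirm the client
-- only ever inserts with the default status before tightening this check.
CREATE POLICY "Homeowners can create own stripe payments"
    ON public.stripe_payments
    FOR INSERT
    TO authenticated
    WITH CHECK (
        owner_id IN (
            SELECT o.id
            FROM public.owners o
            WHERE o.user_id = auth.uid()
        )
    );

-- Triggers: keep updated_at current on every row update.
CREATE TRIGGER update_stripe_account_mappings_updated_at
    BEFORE UPDATE ON public.stripe_account_mappings
    FOR EACH ROW
    EXECUTE FUNCTION public.update_updated_at_column();

CREATE TRIGGER update_stripe_payments_updated_at
    BEFORE UPDATE ON public.stripe_payments
    FOR EACH ROW
    EXECUTE FUNCTION public.update_updated_at_column();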