-- Replace the broken anon insert policy with one that validates via SECURITY DEFINER function (bypasses RLS on violations)
DROP POLICY IF EXISTS "Anon can submit violation responses for valid violation" ON public.violation_responses;

CREATE POLICY "Anon can submit violation responses for valid violation"
ON public.violation_responses
FOR INSERT
TO anon, authenticated
WITH CHECK (
  EXISTS (
    SELECT 1 FROM public.lookup_violation_for_response(violation_id) lv
    WHERE lv.id = violation_id
  )
);