CREATE TABLE public.association_hidden_homeowner_folders (
  id UUID NOT NULL DEFAULT gen_random_uuid() PRIMARY KEY,
  association_id UUID NOT NULL REFERENCES public.associations(id) ON DELETE CASCADE,
  folder_path TEXT NOT NULL,
  created_by UUID,
  created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(),
  UNIQUE (association_id, folder_path)
);

CREATE INDEX idx_ahhf_association ON public.association_hidden_homeowner_folders(association_id);

ALTER TABLE public.association_hidden_homeowner_folders ENABLE ROW LEVEL SECURITY;

CREATE POLICY "Authenticated can view hidden folder rules"
ON public.association_hidden_homeowner_folders FOR SELECT
TO authenticated
USING (true);

CREATE POLICY "Admins and managers can insert hidden folder rules"
ON public.association_hidden_homeowner_folders FOR INSERT
TO authenticated
WITH CHECK (
  public.has_role(auth.uid(), 'admin'::public.app_role)
  OR public.has_role(auth.uid(), 'manager'::public.app_role)
);

CREATE POLICY "Admins and managers can delete hidden folder rules"
ON public.association_hidden_homeowner_folders FOR DELETE
TO authenticated
USING (
  public.has_role(auth.uid(), 'admin'::public.app_role)
  OR public.has_role(auth.uid(), 'manager'::public.app_role)
);