CREATE OR REPLACE FUNCTION public.can_comment_on_entity(_user_id uuid, _entity_type text, _entity_id uuid) RETURNS boolean LANGUAGE sql STABLE SECURITY DEFINER SET search_path TO 'public' AS $function$ SELECT CASE _entity_type WHEN 'board_vote' THEN EXISTS ( SELECT 1 FROM public.board_votes bv WHERE bv.id = _entity_id AND public.user_belongs_to_association(_user_id, bv.association_id) ) WHEN 'legal_matter' THEN EXISTS ( SELECT 1 FROM public.legal_matters lm WHERE lm.id = _entity_id AND ( public.user_belongs_to_association(_user_id, lm.association_id) OR ( public.has_role(_user_id, 'legal'::public.app_role) AND public.legal_user_assigned_to_association(_user_id, lm.association_id) ) ) ) WHEN 'bid_quote' THEN EXISTS ( SELECT 1 FROM public.bids_quotes bq WHERE bq.id = _entity_id AND public.user_belongs_to_association(_user_id, bq.association_id) ) WHEN 'arc_application' THEN EXISTS ( SELECT 1 FROM public.arc_applications aa WHERE aa.id = _entity_id AND public.user_belongs_to_association(_user_id, aa.association_id) ) WHEN 'client_request' THEN EXISTS ( SELECT 1 FROM public.client_requests cr WHERE cr.id = _entity_id AND public.user_belongs_to_association(_user_id, cr.association_id) ) WHEN 'homeowner_request' THEN EXISTS ( SELECT 1 FROM public.homeowner_requests hr LEFT JOIN public.owners o ON o.id = hr.owner_id WHERE hr.id = _entity_id AND ( public.user_belongs_to_association(_user_id, hr.association_id) OR o.user_id = _user_id ) ) WHEN 'status_update' THEN public.can_comment_on_status_update(_user_id, _entity_id) ELSE false END $function$; DROP POLICY IF EXISTS "Participants can view ticket comments" ON public.entity_comments; DROP POLICY IF EXISTS "Participants can view entity comments" ON public.entity_comments; CREATE POLICY "Participants can view entity comments" ON public.entity_comments FOR SELECT TO authenticated USING (public.can_comment_on_entity(auth.uid(), entity_type, entity_id));