-- Restore the staff write policy on status_updates. The original "Staff full access
-- on status_updates" policy (from 20260315230415) was dropped from the live DB
-- outside of migrations, leaving only SELECT policies — so every INSERT/UPDATE/DELETE
-- failed with "new row violates row-level security policy". Recreate it (admin/manager
-- full access), matching the original design (employees keep read-only via the SELECT policy).
drop policy if exists "Staff full access on status_updates" on public.status_updates;
create policy "Staff full access on status_updates"
on public.status_updates
for all
to authenticated
using (
  has_role(auth.uid(), 'admin'::app_role)
  or has_role(auth.uid(), 'manager'::app_role)
)
with check (
  has_role(auth.uid(), 'admin'::app_role)
  or has_role(auth.uid(), 'manager'::app_role)
);