CREATE TABLE public.forte_account_mappings (
  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
  association_id UUID REFERENCES public.associations(id) ON DELETE CASCADE,
  organization_id TEXT NOT NULL,
  location_id TEXT NOT NULL,
  api_access_id TEXT NOT NULL,
  api_secure_key TEXT,
  is_active BOOLEAN NOT NULL DEFAULT true,
  pass_processing_fee BOOLEAN NOT NULL DEFAULT false,
  processing_fee_percent NUMERIC NOT NULL DEFAULT 0.029,
  processing_fee_fixed_cents INTEGER NOT NULL DEFAULT 30,
  label TEXT,
  environment TEXT NOT NULL DEFAULT 'sandbox',
  created_by UUID,
  created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
  updated_at TIMESTAMPTZ NOT NULL DEFAULT now()
);

ALTER TABLE public.forte_account_mappings ENABLE ROW LEVEL SECURITY;

CREATE POLICY "Authenticated users can view forte mappings"
  ON public.forte_account_mappings FOR SELECT TO authenticated
  USING (true);

CREATE POLICY "Admins can manage forte mappings"
  ON public.forte_account_mappings FOR ALL TO authenticated
  USING (public.has_role(auth.uid(), 'admin') OR public.has_role(auth.uid(), 'manager'))
  WITH CHECK (public.has_role(auth.uid(), 'admin') OR public.has_role(auth.uid(), 'manager'));