-- Public-safe RPCs for amenity calendar visibility and booking lookup -- 1) Return confirmed/blocked bookings for an amenity, exposing only safe fields CREATE OR REPLACE FUNCTION public.get_public_amenity_booked_dates(p_amenity_id uuid) RETURNS TABLE(booking_date date, start_time text, end_time text, status text) LANGUAGE sql STABLE SECURITY DEFINER SET search_path = public AS $$ SELECT ab.booking_date, ab.start_time, ab.end_time, ab.status FROM public.amenity_bookings ab JOIN public.amenities a ON a.id = ab.amenity_id JOIN public.association_public_pages app ON app.association_id = a.association_id WHERE ab.amenity_id = p_amenity_id AND a.is_active = true AND app.is_published = true AND ab.status IN ('confirmed', 'approved', 'blocked') AND ab.booking_date >= (CURRENT_DATE - INTERVAL '7 days') $$; GRANT EXECUTE ON FUNCTION public.get_public_amenity_booked_dates(uuid) TO anon, authenticated; -- 2) Look up a single booking for the public confirmation page CREATE OR REPLACE FUNCTION public.get_public_booking_confirmation(p_booking_id uuid) RETURNS TABLE( id uuid, guest_name text, guest_email text, booking_date date, start_time text, end_time text, status text, title text, amenity_name text, association_name text, association_slug text ) LANGUAGE sql STABLE SECURITY DEFINER SET search_path = public AS $$ SELECT ab.id, ab.guest_name, ab.guest_email, ab.booking_date, ab.start_time, ab.end_time, ab.status, ab.title, a.name AS amenity_name, assoc.name AS association_name, app.slug AS association_slug FROM public.amenity_bookings ab JOIN public.amenities a ON a.id = ab.amenity_id JOIN public.associations assoc ON assoc.id = ab.association_id LEFT JOIN public.association_public_pages app ON app.association_id = ab.association_id WHERE ab.id = p_booking_id $$; GRANT EXECUTE ON FUNCTION public.get_public_booking_confirmation(uuid) TO anon, authenticated; -- 3) Allow status='blocked' as a valid booking_type-independent status used by admin manual blocks -- (no constraint exists on status, so nothing to change)