CREATE POLICY "Users can delete own messages"
ON public.direct_messages
FOR DELETE
TO authenticated
USING (
  auth.uid() = sender_id
  OR auth.uid() = recipient_id
  OR public.has_role(auth.uid(), 'admin'::public.app_role)
  OR public.has_role(auth.uid(), 'manager'::public.app_role)
);