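-- Row-level security policies for homeowner and board-member access to
-- documents and ARC applications.
--
-- Each statement is on its own lines so that a `--` comment cannot swallow
-- the statement that follows it on the same physical line.
--
-- NOTE(review): these policies only take effect on tables where row level
-- security is enabled; this file does not enable it, so confirm an earlier
-- migration does. All policies here are permissive, so a row is reachable
-- when ANY policy for that command matches.
-- NOTE(review): the subqueries read public.owners, public.board_members and
-- public.arc_applications as the calling user; if those tables carry their
-- own RLS, the caller must be able to see their own rows or these checks
-- fail closed. Confirm against the policies on those tables.

-- Homeowners can read documents belonging to their association.
CREATE POLICY "Homeowners can view association documents"
ON public.documents
FOR SELECT
TO authenticated
USING (
    has_role(auth.uid(), 'homeowner'::app_role)
    AND association_id IN (
        SELECT o.association_id
        FROM public.owners AS o
        WHERE o.user_id = auth.uid()
    )
);

-- Homeowners can insert ARC applications for their association.
-- The new row must name an owner record that belongs to the caller AND sits
-- in the same association as the application. Checking association_id alone
-- would let a caller file an application under another owner's owner_id.
-- NOTE(review): status is not constrained on insert, so the initial status is
-- whatever the client sends or the column default supplies. Confirm a default
-- or trigger keeps new rows out of decided states.
CREATE POLICY "Homeowners can submit ARC applications"
ON public.arc_applications
FOR INSERT
TO authenticated
WITH CHECK (
    has_role(auth.uid(), 'homeowner'::app_role)
    AND EXISTS (
        SELECT 1
        FROM public.owners AS o
        WHERE o.user_id = auth.uid()
          AND o.id = arc_applications.owner_id
          AND o.association_id = arc_applications.association_id
    )
);

-- Homeowners can view their own ARC applications.
CREATE POLICY "Homeowners can view own ARC applications"
ON public.arc_applications
FOR SELECT
TO authenticated
USING (
    has_role(auth.uid(), 'homeowner'::app_role)
    AND owner_id IN (
        SELECT o.id
        FROM public.owners AS o
        WHERE o.user_id = auth.uid()
    )
);

-- Homeowners can update their own pending ARC applications.
-- USING selects which existing rows may be edited; WITH CHECK constrains the
-- row after the edit. The explicit WITH CHECK keeps the status in the
-- homeowner-editable set and pins owner_id and association_id to one of the
-- caller's own owner records, so an edit cannot move the application into a
-- different association.
CREATE POLICY "Homeowners can update own pending ARC applications"
ON public.arc_applications
FOR UPDATE
TO authenticated
USING (
    has_role(auth.uid(), 'homeowner'::app_role)
    AND owner_id IN (
        SELECT o.id
        FROM public.owners AS o
        WHERE o.user_id = auth.uid()
    )
    AND status IN ('pending', 'draft')
)
WITH CHECK (
    has_role(auth.uid(), 'homeowner'::app_role)
    AND status IN ('pending', 'draft')
    AND EXISTS (
        SELECT 1
        FROM public.owners AS o
        WHERE o.user_id = auth.uid()
          AND o.id = arc_applications.owner_id
          AND o.association_id = arc_applications.association_id
    )
);

-- Homeowners can add comments to their own ARC applications.
-- NOTE(review): the check ties the comment to an application the caller owns
-- but not to the caller as author; the comment table's columns are not visible
-- here. Confirm the author column is set server-side (default or trigger)
-- rather than taken from the client.
CREATE POLICY "Homeowners can comment on own ARC apps"
ON public.arc_application_comments
FOR INSERT
TO authenticated
WITH CHECK (
    has_role(auth.uid(), 'homeowner'::app_role)
    AND application_id IN (
        SELECT a.id
        FROM public.arc_applications AS a
        INNER JOIN public.owners AS o
            ON o.id = a.owner_id
        WHERE o.user_id = auth.uid()
    )
);

-- Board members: add user_id column to board_members for linking.
-- No ON DELETE action is given, so the default (NO ACTION) applies and
-- deleting a linked auth.users row is rejected while the link exists.
-- Rows with a NULL user_id match none of the policies below.
ALTER TABLE public.board_members
    ADD COLUMN IF NOT EXISTS user_id uuid REFERENCES auth.users(id);

-- Every board-member policy filters on board_members.user_id per checked row,
-- so index the new column.
CREATE INDEX IF NOT EXISTS board_members_user_id_idx
    ON public.board_members (user_id);

-- Board members get full read access to all documents in their association.
CREATE POLICY "Board members can view association documents"
ON public.documents
FOR SELECT
TO authenticated
USING (
    association_id IN (
        SELECT bm.association_id
        FROM public.board_members AS bm
        WHERE bm.user_id = auth.uid()
    )
);

-- Board members can view all ARC applications in their association.
CREATE POLICY "Board members can view association ARC applications"
ON public.arc_applications
FOR SELECT
TO authenticated
USING (
    association_id IN (
        SELECT bm.association_id
        FROM public.board_members AS bm
        WHERE bm.user_id = auth.uid()
    )
);

-- Board members can vote on ARC applications.
-- NOTE(review): any board member of the application's association passes this
-- check; it requires neither approval_authority nor a particular application
-- status, and it does not bind the vote row to the caller. Confirm voter
-- identity and one-vote-per-member are enforced elsewhere (constraint or
-- trigger).
CREATE POLICY "Board members can vote on ARC applications"
ON public.arc_application_votes
FOR INSERT
TO authenticated
WITH CHECK (
    application_id IN (
        SELECT a.id
        FROM public.arc_applications AS a
        INNER JOIN public.board_members AS bm
            ON bm.association_id = a.association_id
        WHERE bm.user_id = auth.uid()
    )
);

-- Board members can comment on ARC applications.
-- NOTE(review): as with the homeowner comment policy, the author of the
-- comment is not bound to auth.uid() by this check; confirm it is set
-- server-side.
CREATE POLICY "Board members can comment on ARC applications"
ON public.arc_application_comments
FOR INSERT
TO authenticated
WITH CHECK (
    application_id IN (
        SELECT a.id
        FROM public.arc_applications AS a
        INNER JOIN public.board_members AS bm
            ON bm.association_id = a.association_id
        WHERE bm.user_id = auth.uid()
    )
);

-- Board members can update ARC application status (approve/deny).
-- Only members with approval_authority qualify. The WITH CHECK repeats the
-- USING expression, which is what PostgreSQL applies when WITH CHECK is
-- omitted; it is spelled out so the rule that an update cannot move a row to
-- another association is visible. RLS does not limit WHICH columns change:
-- this policy allows edits to every column of the row, not only status.
-- Restrict columns with column-level GRANTs or a trigger if that is intended.
CREATE POLICY "Board members can update ARC applications"
ON public.arc_applications
FOR UPDATE
TO authenticated
USING (
    association_id IN (
        SELECT bm.association_id
        FROM public.board_members AS bm
        WHERE bm.user_id = auth.uid()
          AND bm.approval_authority = true
    )
)
WITH CHECK (
    association_id IN (
        SELECT bm.association_id
        FROM public.board_members AS bm
        WHERE bm.user_id = auth.uid()
          AND bm.approval_authority = true
    )
);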