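-- Per-association check layout settings.
-- One row per association (association_id is UNIQUE); the row is deleted
-- together with its association (ON DELETE CASCADE).
-- Depends on objects defined outside this file: public.associations,
-- public.has_role, public.app_role, public.update_updated_at_column,
-- auth.uid and the storage schema.
CREATE TABLE public.check_layouts (
    id UUID NOT NULL DEFAULT gen_random_uuid() PRIMARY KEY,
    association_id UUID NOT NULL UNIQUE
        REFERENCES public.associations(id) ON DELETE CASCADE,

    -- Position on page: where the check sits on the 8.5x11 sheet.
    -- 'top' (default), 'middle', 'bottom'. The CHECK enforces the documented
    -- set so a bad client write cannot store an unprintable position.
    check_position TEXT NOT NULL DEFAULT 'top'
        CONSTRAINT check_layouts_check_position_check
        CHECK (check_position IN ('top', 'middle', 'bottom')),

    -- Margins / fine offset (inches)
    offset_x NUMERIC NOT NULL DEFAULT 0,
    offset_y NUMERIC NOT NULL DEFAULT 0,

    -- Logo / payer block
    show_payer_block BOOLEAN NOT NULL DEFAULT true,
    show_logo BOOLEAN NOT NULL DEFAULT true,
    payer_name TEXT,
    payer_address TEXT,

    -- Signature. With the private bucket below, signature_image_url should
    -- hold an object path or a short-lived signed URL, not a public URL.
    show_signature_line BOOLEAN NOT NULL DEFAULT true,
    signature_image_url TEXT,
    signature_label TEXT,

    -- Memo / footer
    memo_prefix TEXT,
    footer_text TEXT,

    created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
    updated_at TIMESTAMPTZ NOT NULL DEFAULT now()
);

ALTER TABLE public.check_layouts ENABLE ROW LEVEL SECURITY;

-- Staff (admin/manager) can manage.
-- NOTE(review): every policy below tests only the caller's role; none ties the
-- caller to check_layouts.association_id. If managers are meant to be limited
-- to their own associations, that condition is missing here. Confirm against
-- the definition of public.has_role.
CREATE POLICY "Staff can view check layouts"
ON public.check_layouts FOR SELECT
TO authenticated
USING (
    public.has_role(auth.uid(), 'admin'::public.app_role)
    OR public.has_role(auth.uid(), 'manager'::public.app_role)
);

CREATE POLICY "Staff can insert check layouts"
ON public.check_layouts FOR INSERT
TO authenticated
WITH CHECK (
    public.has_role(auth.uid(), 'admin'::public.app_role)
    OR public.has_role(auth.uid(), 'manager'::public.app_role)
);

-- WITH CHECK is spelled out so the rule for the post-update row is visible;
-- PostgreSQL would otherwise reuse the USING expression implicitly.
CREATE POLICY "Staff can update check layouts"
ON public.check_layouts FOR UPDATE
TO authenticated
USING (
    public.has_role(auth.uid(), 'admin'::public.app_role)
    OR public.has_role(auth.uid(), 'manager'::public.app_role)
)
WITH CHECK (
    public.has_role(auth.uid(), 'admin'::public.app_role)
    OR public.has_role(auth.uid(), 'manager'::public.app_role)
);

CREATE POLICY "Staff can delete check layouts"
ON public.check_layouts FOR DELETE
TO authenticated
USING (
    public.has_role(auth.uid(), 'admin'::public.app_role)
    OR public.has_role(auth.uid(), 'manager'::public.app_role)
);

-- updated_at trigger
CREATE TRIGGER update_check_layouts_updated_at
BEFORE UPDATE ON public.check_layouts
FOR EACH ROW
EXECUTE FUNCTION public.update_updated_at_column();

-- Storage bucket for signature images.
-- The bucket is private: these images are the signatures printed on checks,
-- and a public bucket would serve them to anyone holding or guessing an object
-- URL. Clients should read them with an authenticated download or a
-- short-lived signed URL.
-- ON CONFLICT DO NOTHING leaves an already-existing bucket untouched, so this
-- statement does not change the visibility of a bucket created earlier.
INSERT INTO storage.buckets (id, name, public)
VALUES ('check-signatures', 'check-signatures', false)
ON CONFLICT (id) DO NOTHING;

-- Read access is limited to staff, matching the write policies below. A SELECT
-- policy with no TO clause would also apply to unauthenticated callers.
CREATE POLICY "Staff can view check signatures"
ON storage.objects FOR SELECT
TO authenticated
USING (
    bucket_id = 'check-signatures'
    AND (
        public.has_role(auth.uid(), 'admin'::public.app_role)
        OR public.has_role(auth.uid(), 'manager'::public.app_role)
    )
);

CREATE POLICY "Staff can upload check signatures"
ON storage.objects FOR INSERT
TO authenticated
WITH CHECK (
    bucket_id = 'check-signatures'
    AND (
        public.has_role(auth.uid(), 'admin'::public.app_role)
        OR public.has_role(auth.uid(), 'manager'::public.app_role)
    )
);

-- WITH CHECK repeats the bucket test so it is explicit that an update cannot
-- move an object out of (or into) this bucket outside the staff rule.
CREATE POLICY "Staff can update check signatures"
ON storage.objects FOR UPDATE
TO authenticated
USING (
    bucket_id = 'check-signatures'
    AND (
        public.has_role(auth.uid(), 'admin'::public.app_role)
        OR public.has_role(auth.uid(), 'manager'::public.app_role)
    )
)
WITH CHECK (
    bucket_id = 'check-signatures'
    AND (
        public.has_role(auth.uid(), 'admin'::public.app_role)
        OR public.has_role(auth.uid(), 'manager'::public.app_role)
    )
);

CREATE POLICY "Staff can delete check signatures"
ON storage.objects FOR DELETE
TO authenticated
USING (
    bucket_id = 'check-signatures'
    AND (
        public.has_role(auth.uid(), 'admin'::public.app_role)
        OR public.has_role(auth.uid(), 'manager'::public.app_role)
    )
);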