CREATE POLICY "Board members can upload invoices"
ON storage.objects FOR INSERT TO authenticated
WITH CHECK (
  bucket_id = 'invoices'
  AND EXISTS (SELECT 1 FROM public.board_members bm WHERE bm.user_id = auth.uid())
);

CREATE POLICY "Board members can read invoices"
ON storage.objects FOR SELECT TO authenticated
USING (
  bucket_id = 'invoices'
  AND EXISTS (SELECT 1 FROM public.board_members bm WHERE bm.user_id = auth.uid())
);