-- Ensure company-assets bucket exists and is public
INSERT INTO storage.buckets (id, name, public)
VALUES ('company-assets', 'company-assets', true)
ON CONFLICT (id) DO UPDATE SET public = true;

-- Drop existing policies if any (idempotent)
DROP POLICY IF EXISTS "company-assets public read" ON storage.objects;
DROP POLICY IF EXISTS "company-assets authenticated insert" ON storage.objects;
DROP POLICY IF EXISTS "company-assets authenticated update" ON storage.objects;
DROP POLICY IF EXISTS "company-assets authenticated delete" ON storage.objects;

CREATE POLICY "company-assets public read"
ON storage.objects FOR SELECT
USING (bucket_id = 'company-assets');

CREATE POLICY "company-assets authenticated insert"
ON storage.objects FOR INSERT
TO authenticated
WITH CHECK (bucket_id = 'company-assets');

CREATE POLICY "company-assets authenticated update"
ON storage.objects FOR UPDATE
TO authenticated
USING (bucket_id = 'company-assets')
WITH CHECK (bucket_id = 'company-assets');

CREATE POLICY "company-assets authenticated delete"
ON storage.objects FOR DELETE
TO authenticated
USING (bucket_id = 'company-assets');