-- Allow anonymous voters to select their own voter record by vote_token
CREATE POLICY "Anon can select own voter record by token"
ON public.election_eligible_voters
FOR SELECT TO anon, authenticated
USING (true);

-- Allow anonymous voters to update has_voted on their own record by vote_token
CREATE POLICY "Anon can update voted status by token"
ON public.election_eligible_voters
FOR UPDATE TO anon, authenticated
USING (true)
WITH CHECK (true);

-- Allow anonymous to insert ballots (token validated in app logic)
CREATE POLICY "Anon can insert ballots"
ON public.election_ballots
FOR INSERT TO anon, authenticated
WITH CHECK (true);

-- Allow anonymous to delete their own ballots by vote_token
CREATE POLICY "Anon can delete ballots by token"
ON public.election_ballots
FOR DELETE TO anon, authenticated
USING (true);

-- Allow anonymous to select their own ballots
CREATE POLICY "Anon can select own ballots"
ON public.election_ballots
FOR SELECT TO anon, authenticated
USING (true);

-- Allow anonymous to insert audit log entries
DROP POLICY IF EXISTS "Authenticated can insert audit log" ON public.election_audit_log;
CREATE POLICY "Anyone can insert audit log"
ON public.election_audit_log
FOR INSERT TO anon, authenticated
WITH CHECK (true);