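-- Tighten homeowner read access to public.stripe_account_mappings.
--
-- Replaces the earlier homeowner SELECT policy (described by the original
-- migration note as overly permissive; its definition is not shown here) with
-- one that is scoped to the caller's own association(s).
--
-- Review notes:
--   * Policies only take effect when row level security is enabled on the
--     table (ALTER TABLE ... ENABLE ROW LEVEL SECURITY). This file does not
--     enable it, so it is presumably done in an earlier migration; confirm.
--   * Policies are PERMISSIVE by default and permissive policies are OR-ed
--     together. Any other SELECT policy on this table that applies to
--     "authenticated" can still expose rows this policy filters out, so audit
--     the remaining policies (pg_policies) after applying.
--   * Table owners and roles with BYPASSRLS are not restricted by this policy.
--   * Apply in a single transaction (most migration runners do) so the drop
--     and create land atomically. If they do not, and RLS is enabled with no
--     other applicable policy, the gap is default-deny rather than open.

-- Remove the old, broader policy.
DROP POLICY IF EXISTS "Homeowners can read active stripe mappings"
    ON public.stripe_account_mappings;

-- CREATE POLICY has no IF NOT EXISTS form, so drop any earlier copy of the
-- replacement first; this keeps the migration re-runnable.
DROP POLICY IF EXISTS "Homeowners can read own association stripe mappings"
    ON public.stripe_account_mappings;

-- Restricted SELECT policy: an authenticated user can read a mapping only when
-- it is active AND belongs to one of the user's associations.
CREATE POLICY "Homeowners can read own association stripe mappings"
    ON public.stripe_account_mappings
    FOR SELECT
    TO authenticated
    USING (
        is_active = true
        -- get_user_association_ids() is defined elsewhere; presumably it returns
        -- the association ids of the calling user. NOTE(review): confirm it
        -- derives them from the session identity rather than a client-supplied
        -- value, and, if it is SECURITY DEFINER, that its search_path is pinned.
        -- The call is unqualified and resolves through search_path; consider
        -- schema-qualifying it.
        AND association_id IN (SELECT get_user_association_ids())
    );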