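-- ============================================================================
-- RLS POLICIES - Row Level Security Policies for ERP Construccion
-- Version: 1.0.0
-- Date: 2026-01-24
-- ============================================================================
-- DESCRIPTION:
--   This file contains ALL Row Level Security (RLS) policies for the
--   multi-tenant tables of ERP Construccion.
--
-- POLICY:
--   Every table with a tenant_id column must have RLS enabled and a
--   tenant-isolation policy based on current_setting('app.current_tenant_id').
--
-- USAGE:
--   SET app.current_tenant_id = 'tenant-uuid';
--   -- All queries are then filtered by tenant_id automatically
--
-- PREREQUISITES:
--   Run AFTER all schema DDL scripts (01-07)
--
-- SECURITY NOTES (review):
--   * ENABLE ROW LEVEL SECURITY does not bind the table owner, superusers or
--     roles with BYPASSRLS. The automatic filtering described above only
--     holds when the application connects as a separate, non-owner role.
--     If the application role owns these tables, each table also needs
--     ALTER TABLE ... FORCE ROW LEVEL SECURITY. Not added here because it
--     would also restrict owner-run migrations and seed scripts; confirm
--     which role the application uses.
--   * A plain SET is session-scoped. On pooled connections the tenant id
--     stays set for the next request that borrows the connection. Prefer
--     SET LOCAL inside a transaction, or
--     set_config('app.current_tenant_id', '<tenant-uuid>', true).
--   * app.current_tenant_id is an ordinary custom setting that any session
--     can change. The policies isolate tenants only while the application,
--     not the end user, decides which SQL runs on the connection.
--   * The policies have no FOR clause, so they apply to all commands, and no
--     WITH CHECK clause, so PostgreSQL applies the USING expression to new
--     rows as well: writing a row with another tenant's tenant_id is rejected.
--   * current_setting(..., true) returns NULL when the setting was never
--     defined, so the comparison matches no rows (fail closed). A custom
--     setting that was set and later reset in the same session can read back
--     as an empty string, and ''::uuid raises an error. NULLIF(..., '') maps
--     that case to NULL as well, so it also matches no rows.
-- ============================================================================

-- ============================================================================
-- SCHEMA: construction (24 tables)
-- ============================================================================

-- fraccionamientos
ALTER TABLE construction.fraccionamientos ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_fraccionamientos ON construction.fraccionamientos;
CREATE POLICY tenant_isolation_fraccionamientos ON construction.fraccionamientos
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- etapas
ALTER TABLE construction.etapas ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_etapas ON construction.etapas;
CREATE POLICY tenant_isolation_etapas ON construction.etapas
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- manzanas
ALTER TABLE construction.manzanas ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_manzanas ON construction.manzanas;
CREATE POLICY tenant_isolation_manzanas ON construction.manzanas
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- prototipos
ALTER TABLE construction.prototipos ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_prototipos ON construction.prototipos;
CREATE POLICY tenant_isolation_prototipos ON construction.prototipos
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- lotes
ALTER TABLE construction.lotes ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_lotes ON construction.lotes;
CREATE POLICY tenant_isolation_lotes ON construction.lotes
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- torres
ALTER TABLE construction.torres ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_torres ON construction.torres;
CREATE POLICY tenant_isolation_torres ON construction.torres
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- niveles
ALTER TABLE construction.niveles ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_niveles ON construction.niveles;
CREATE POLICY tenant_isolation_niveles ON construction.niveles
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- departamentos
ALTER TABLE construction.departamentos ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_departamentos ON construction.departamentos;
CREATE POLICY tenant_isolation_departamentos ON construction.departamentos
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- conceptos
ALTER TABLE construction.conceptos ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_conceptos ON construction.conceptos;
CREATE POLICY tenant_isolation_conceptos ON construction.conceptos
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- presupuestos
ALTER TABLE construction.presupuestos ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_presupuestos ON construction.presupuestos;
CREATE POLICY tenant_isolation_presupuestos ON construction.presupuestos
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- presupuesto_partidas
ALTER TABLE construction.presupuesto_partidas ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_presupuesto_partidas ON construction.presupuesto_partidas;
CREATE POLICY tenant_isolation_presupuesto_partidas ON construction.presupuesto_partidas
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- programa_obra
ALTER TABLE construction.programa_obra ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_programa_obra ON construction.programa_obra;
CREATE POLICY tenant_isolation_programa_obra ON construction.programa_obra
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- programa_actividades
ALTER TABLE construction.programa_actividades ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_programa_actividades ON construction.programa_actividades;
CREATE POLICY tenant_isolation_programa_actividades ON construction.programa_actividades
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- avances_obra
ALTER TABLE construction.avances_obra ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_avances_obra ON construction.avances_obra;
CREATE POLICY tenant_isolation_avances_obra ON construction.avances_obra
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- fotos_avance
ALTER TABLE construction.fotos_avance ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_fotos_avance ON construction.fotos_avance;
CREATE POLICY tenant_isolation_fotos_avance ON construction.fotos_avance
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- bitacora_obra
ALTER TABLE construction.bitacora_obra ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_bitacora_obra ON construction.bitacora_obra;
CREATE POLICY tenant_isolation_bitacora_obra ON construction.bitacora_obra
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- checklists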
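-- NOTE(review): the policies in this section wrap current_setting() in
-- NULLIF(..., ''). A custom setting that was set and later reset in the same
-- session can read back as an empty string, and ''::uuid raises an error;
-- mapping '' to NULL makes the comparison match no rows instead (fail closed).
-- ENABLE (without FORCE) ROW LEVEL SECURITY does not bind the table owner,
-- superusers or BYPASSRLS roles; confirm the application uses a non-owner role.
ALTER TABLE construction.checklists ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_checklists ON construction.checklists;
CREATE POLICY tenant_isolation_checklists ON construction.checklists
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- checklist_items
ALTER TABLE construction.checklist_items ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_checklist_items ON construction.checklist_items;
CREATE POLICY tenant_isolation_checklist_items ON construction.checklist_items
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- inspecciones
ALTER TABLE construction.inspecciones ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_inspecciones ON construction.inspecciones;
CREATE POLICY tenant_isolation_inspecciones ON construction.inspecciones
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- inspeccion_resultados
ALTER TABLE construction.inspeccion_resultados ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_inspeccion_resultados ON construction.inspeccion_resultados;
CREATE POLICY tenant_isolation_inspeccion_resultados ON construction.inspeccion_resultados
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- tickets_postventa
ALTER TABLE construction.tickets_postventa ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_tickets_postventa ON construction.tickets_postventa;
CREATE POLICY tenant_isolation_tickets_postventa ON construction.tickets_postventa
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- subcontratistas
ALTER TABLE construction.subcontratistas ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_subcontratistas ON construction.subcontratistas;
CREATE POLICY tenant_isolation_subcontratistas ON construction.subcontratistas
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- contratos
ALTER TABLE construction.contratos ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_contratos ON construction.contratos;
CREATE POLICY tenant_isolation_contratos ON construction.contratos
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- contrato_partidas
ALTER TABLE construction.contrato_partidas ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_contrato_partidas ON construction.contrato_partidas;
CREATE POLICY tenant_isolation_contrato_partidas ON construction.contrato_partidas
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- ============================================================================
-- SCHEMA: hr (3 tables)
-- ============================================================================

-- employees
ALTER TABLE hr.employees ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_employees ON hr.employees;
CREATE POLICY tenant_isolation_employees ON hr.employees
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- puestos
ALTER TABLE hr.puestos ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_puestos ON hr.puestos;
CREATE POLICY tenant_isolation_puestos ON hr.puestos
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- employee_fraccionamientos
ALTER TABLE hr.employee_fraccionamientos ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_employee_fraccionamientos ON hr.employee_fraccionamientos;
CREATE POLICY tenant_isolation_employee_fraccionamientos ON hr.employee_fraccionamientos
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- ============================================================================
-- SCHEMA: hse (34 tables)
-- ============================================================================

-- incidentes
ALTER TABLE hse.incidentes ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_incidentes ON hse.incidentes;
CREATE POLICY tenant_isolation_incidentes ON hse.incidentes
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- capacitaciones
ALTER TABLE hse.capacitaciones ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_capacitaciones ON hse.capacitaciones;
CREATE POLICY tenant_isolation_capacitaciones ON hse.capacitaciones
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- capacitacion_matriz
ALTER TABLE hse.capacitacion_matriz ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_capacitacion_matriz ON hse.capacitacion_matriz;
CREATE POLICY tenant_isolation_capacitacion_matriz ON hse.capacitacion_matriz
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- instructores
ALTER TABLE hse.instructores ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_instructores ON hse.instructores;
CREATE POLICY tenant_isolation_instructores ON hse.instructores
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- capacitacion_sesiones
ALTER TABLE hse.capacitacion_sesiones ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_capacitacion_sesiones ON hse.capacitacion_sesiones;
CREATE POLICY tenant_isolation_capacitacion_sesiones ON hse.capacitacion_sesiones
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- constancias_dc3
ALTER TABLE hse.constancias_dc3 ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_constancias_dc3 ON hse.constancias_dc3;
CREATE POLICY tenant_isolation_constancias_dc3 ON hse.constancias_dc3
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- tipos_inspeccion
ALTER TABLE hse.tipos_inspeccion ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_tipos_inspeccion ON hse.tipos_inspeccion;
CREATE POLICY tenant_isolation_tipos_inspeccion ON hse.tipos_inspeccion
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- programa_inspecciones
ALTER TABLE hse.programa_inspecciones ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_programa_inspecciones ON hse.programa_inspecciones;
CREATE POLICY tenant_isolation_programa_inspecciones ON hse.programa_inspecciones
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- hse.inspecciones (different from construction.inspecciones)
ALTER TABLE hse.inspecciones ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_hse_inspecciones ON hse.inspecciones;
CREATE POLICY tenant_isolation_hse_inspecciones ON hse.inspecciones
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- hallazgos
ALTER TABLE hse.hallazgos ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_hallazgos ON hse.hallazgos;
CREATE POLICY tenant_isolation_hallazgos ON hse.hallazgos
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- epp_catalogo
ALTER TABLE hse.epp_catalogo ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_epp_catalogo ON hse.epp_catalogo;
CREATE POLICY tenant_isolation_epp_catalogo ON hse.epp_catalogo
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- epp_matriz_puesto
ALTER TABLE hse.epp_matriz_puesto ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_epp_matriz_puesto ON hse.epp_matriz_puesto;
CREATE POLICY tenant_isolation_epp_matriz_puesto ON hse.epp_matriz_puesto
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- epp_asignaciones
ALTER TABLE hse.epp_asignaciones ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_epp_asignaciones ON hse.epp_asignaciones;
CREATE POLICY tenant_isolation_epp_asignaciones ON hse.epp_asignaciones
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- epp_inventario
ALTER TABLE hse.epp_inventario ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_epp_inventario ON hse.epp_inventario;
CREATE POLICY tenant_isolation_epp_inventario ON hse.epp_inventario
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- epp_movimientos
ALTER TABLE hse.epp_movimientos ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_epp_movimientos ON hse.epp_movimientos;
CREATE POLICY tenant_isolation_epp_movimientos ON hse.epp_movimientos
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- cumplimiento_obra
ALTER TABLE hse.cumplimiento_obra ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_cumplimiento_obra ON hse.cumplimiento_obra;
CREATE POLICY tenant_isolation_cumplimiento_obra ON hse.cumplimiento_obra
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- comision_seguridad
ALTER TABLE hse.comision_seguridad ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_comision_seguridad ON hse.comision_seguridad;
CREATE POLICY tenant_isolation_comision_seguridad ON hse.comision_seguridad
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- programa_seguridad
ALTER TABLE hse.programa_seguridad ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_programa_seguridad ON hse.programa_seguridad;
CREATE POLICY tenant_isolation_programa_seguridad ON hse.programa_seguridad
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- documentos_stps
ALTER TABLE hse.documentos_stps ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_documentos_stps ON hse.documentos_stps;
CREATE POLICY tenant_isolation_documentos_stps ON hse.documentos_stps
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- auditorias
ALTER TABLE hse.auditorias ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_auditorias ON hse.auditorias;
CREATE POLICY tenant_isolation_auditorias ON hse.auditorias
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- residuos_generacion
ALTER TABLE hse.residuos_generacion ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_residuos_generacion ON hse.residuos_generacion;
CREATE POLICY tenant_isolation_residuos_generacion ON hse.residuos_generacion
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- almacen_temporal
ALTER TABLE hse.almacen_temporal ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_almacen_temporal ON hse.almacen_temporal;
CREATE POLICY tenant_isolation_almacen_temporal ON hse.almacen_temporal
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- proveedores_ambientales
ALTER TABLE hse.proveedores_ambientales ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_proveedores_ambientales ON hse.proveedores_ambientales;
CREATE POLICY tenant_isolation_proveedores_ambientales ON hse.proveedores_ambientales
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- manifiestos_residuos
ALTER TABLE hse.manifiestos_residuos ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_manifiestos_residuos ON hse.manifiestos_residuos;
CREATE POLICY tenant_isolation_manifiestos_residuos ON hse.manifiestos_residuos
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- impacto_ambiental
ALTER TABLE hse.impacto_ambiental ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_impacto_ambiental ON hse.impacto_ambiental;
CREATE POLICY tenant_isolation_impacto_ambiental ON hse.impacto_ambiental
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- quejas_ambientales
ALTER TABLE hse.quejas_ambientales ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_quejas_ambientales ON hse.quejas_ambientales;
CREATE POLICY tenant_isolation_quejas_ambientales ON hse.quejas_ambientales
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- tipos_permiso_trabajo
ALTER TABLE hse.tipos_permiso_trabajo ENABLE ROW LEVEL SECURITY;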
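-- NOTE(review): the policies in this section wrap current_setting() in
-- NULLIF(..., ''). A custom setting that was set and later reset in the same
-- session can read back as an empty string, and ''::uuid raises an error;
-- mapping '' to NULL makes the comparison match no rows instead (fail closed).
-- ENABLE (without FORCE) ROW LEVEL SECURITY does not bind the table owner,
-- superusers or BYPASSRLS roles; confirm the application uses a non-owner role.
DROP POLICY IF EXISTS tenant_isolation_tipos_permiso_trabajo ON hse.tipos_permiso_trabajo;
CREATE POLICY tenant_isolation_tipos_permiso_trabajo ON hse.tipos_permiso_trabajo
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- permisos_trabajo
ALTER TABLE hse.permisos_trabajo ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_permisos_trabajo ON hse.permisos_trabajo;
CREATE POLICY tenant_isolation_permisos_trabajo ON hse.permisos_trabajo
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- indicadores_config
ALTER TABLE hse.indicadores_config ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_indicadores_config ON hse.indicadores_config;
CREATE POLICY tenant_isolation_indicadores_config ON hse.indicadores_config
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- indicadores_valores
ALTER TABLE hse.indicadores_valores ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_indicadores_valores ON hse.indicadores_valores;
CREATE POLICY tenant_isolation_indicadores_valores ON hse.indicadores_valores
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- horas_trabajadas
ALTER TABLE hse.horas_trabajadas ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_horas_trabajadas ON hse.horas_trabajadas;
CREATE POLICY tenant_isolation_horas_trabajadas ON hse.horas_trabajadas
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- dias_sin_accidente
ALTER TABLE hse.dias_sin_accidente ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_dias_sin_accidente ON hse.dias_sin_accidente;
CREATE POLICY tenant_isolation_dias_sin_accidente ON hse.dias_sin_accidente
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- reportes_programados
ALTER TABLE hse.reportes_programados ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_reportes_programados ON hse.reportes_programados;
CREATE POLICY tenant_isolation_reportes_programados ON hse.reportes_programados
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- alertas_indicadores
ALTER TABLE hse.alertas_indicadores ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_alertas_indicadores ON hse.alertas_indicadores;
CREATE POLICY tenant_isolation_alertas_indicadores ON hse.alertas_indicadores
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- ============================================================================
-- SCHEMA: estimates (8 tables)
-- ============================================================================

-- estimaciones
ALTER TABLE estimates.estimaciones ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_estimaciones ON estimates.estimaciones;
CREATE POLICY tenant_isolation_estimaciones ON estimates.estimaciones
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- estimacion_conceptos
ALTER TABLE estimates.estimacion_conceptos ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_estimacion_conceptos ON estimates.estimacion_conceptos;
CREATE POLICY tenant_isolation_estimacion_conceptos ON estimates.estimacion_conceptos
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- generadores
ALTER TABLE estimates.generadores ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_generadores ON estimates.generadores;
CREATE POLICY tenant_isolation_generadores ON estimates.generadores
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- anticipos
ALTER TABLE estimates.anticipos ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_anticipos ON estimates.anticipos;
CREATE POLICY tenant_isolation_anticipos ON estimates.anticipos
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- amortizaciones
ALTER TABLE estimates.amortizaciones ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_amortizaciones ON estimates.amortizaciones;
CREATE POLICY tenant_isolation_amortizaciones ON estimates.amortizaciones
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- retenciones
ALTER TABLE estimates.retenciones ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_retenciones ON estimates.retenciones;
CREATE POLICY tenant_isolation_retenciones ON estimates.retenciones
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- fondo_garantia
ALTER TABLE estimates.fondo_garantia ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_fondo_garantia ON estimates.fondo_garantia;
CREATE POLICY tenant_isolation_fondo_garantia ON estimates.fondo_garantia
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- estimacion_workflow
ALTER TABLE estimates.estimacion_workflow ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_estimacion_workflow ON estimates.estimacion_workflow;
CREATE POLICY tenant_isolation_estimacion_workflow ON estimates.estimacion_workflow
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- ============================================================================
-- SCHEMA: infonavit (8 tables)
-- ============================================================================

-- registro_infonavit
ALTER TABLE infonavit.registro_infonavit ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_registro_infonavit ON infonavit.registro_infonavit;
CREATE POLICY tenant_isolation_registro_infonavit ON infonavit.registro_infonavit
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- oferta_vivienda
ALTER TABLE infonavit.oferta_vivienda ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_oferta_vivienda ON infonavit.oferta_vivienda;
CREATE POLICY tenant_isolation_oferta_vivienda ON infonavit.oferta_vivienda
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- derechohabientes
ALTER TABLE infonavit.derechohabientes ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_derechohabientes ON infonavit.derechohabientes;
CREATE POLICY tenant_isolation_derechohabientes ON infonavit.derechohabientes
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- asignacion_vivienda
ALTER TABLE infonavit.asignacion_vivienda ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_asignacion_vivienda ON infonavit.asignacion_vivienda;
CREATE POLICY tenant_isolation_asignacion_vivienda ON infonavit.asignacion_vivienda
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- actas
ALTER TABLE infonavit.actas ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_actas ON infonavit.actas;
CREATE POLICY tenant_isolation_actas ON infonavit.actas
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- acta_viviendas
ALTER TABLE infonavit.acta_viviendas ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_acta_viviendas ON infonavit.acta_viviendas;
CREATE POLICY tenant_isolation_acta_viviendas ON infonavit.acta_viviendas
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- reportes_infonavit
ALTER TABLE infonavit.reportes_infonavit ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_reportes_infonavit ON infonavit.reportes_infonavit;
CREATE POLICY tenant_isolation_reportes_infonavit ON infonavit.reportes_infonavit
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- historico_puntos
ALTER TABLE infonavit.historico_puntos ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_historico_puntos ON infonavit.historico_puntos;
CREATE POLICY tenant_isolation_historico_puntos ON infonavit.historico_puntos
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);
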
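-- ============================================================================
-- SCHEMA: inventory (4 construction-extension tables)
-- ============================================================================
-- NOTE(review): the policies in this section wrap current_setting() in
-- NULLIF(..., ''). A custom setting that was set and later reset in the same
-- session can read back as an empty string, and ''::uuid raises an error;
-- mapping '' to NULL makes the comparison match no rows instead (fail closed).

-- almacenes_proyecto
ALTER TABLE inventory.almacenes_proyecto ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_almacenes_proyecto ON inventory.almacenes_proyecto;
CREATE POLICY tenant_isolation_almacenes_proyecto ON inventory.almacenes_proyecto
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- requisiciones_obra
ALTER TABLE inventory.requisiciones_obra ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_requisiciones_obra ON inventory.requisiciones_obra;
CREATE POLICY tenant_isolation_requisiciones_obra ON inventory.requisiciones_obra
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- requisicion_lineas
ALTER TABLE inventory.requisicion_lineas ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_requisicion_lineas ON inventory.requisicion_lineas;
CREATE POLICY tenant_isolation_requisicion_lineas ON inventory.requisicion_lineas
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- consumos_obra
ALTER TABLE inventory.consumos_obra ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_consumos_obra ON inventory.consumos_obra;
CREATE POLICY tenant_isolation_consumos_obra ON inventory.consumos_obra
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- ============================================================================
-- SCHEMA: purchase (5 construction-extension tables)
-- ============================================================================

-- purchase_order_construction
ALTER TABLE purchase.purchase_order_construction ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_purchase_order_construction ON purchase.purchase_order_construction;
CREATE POLICY tenant_isolation_purchase_order_construction ON purchase.purchase_order_construction
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- supplier_construction
ALTER TABLE purchase.supplier_construction ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_supplier_construction ON purchase.supplier_construction;
CREATE POLICY tenant_isolation_supplier_construction ON purchase.supplier_construction
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- comparativo_cotizaciones
ALTER TABLE purchase.comparativo_cotizaciones ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_comparativo_cotizaciones ON purchase.comparativo_cotizaciones;
CREATE POLICY tenant_isolation_comparativo_cotizaciones ON purchase.comparativo_cotizaciones
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- comparativo_proveedores
ALTER TABLE purchase.comparativo_proveedores ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_comparativo_proveedores ON purchase.comparativo_proveedores;
CREATE POLICY tenant_isolation_comparativo_proveedores ON purchase.comparativo_proveedores
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- comparativo_productos
ALTER TABLE purchase.comparativo_productos ENABLE ROW LEVEL SECURITY;
DROP POLICY IF EXISTS tenant_isolation_comparativo_productos ON purchase.comparativo_productos;
CREATE POLICY tenant_isolation_comparativo_productos ON purchase.comparativo_productos
    USING (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- ============================================================================
-- RLS POLICY SUMMARY
-- ============================================================================
-- Total tables with RLS:
--   - construction: 24 tables
--   - hr:           3 tables
--   - hse:          34 tables
--   - estimates:    8 tables
--   - infonavit:    8 tables
--   - inventory:    4 tables
--   - purchase:     5 tables
--   -----------------------
--   TOTAL:          86 tables
--
-- NOTE(review): every table above uses ENABLE (not FORCE) ROW LEVEL SECURITY,
-- so the table owner, superusers and BYPASSRLS roles are not filtered by
-- these policies. Confirm the application connects as a non-owner role.
-- ============================================================================

-- ============================================================================
-- END OF RLS POLICIES
-- ============================================================================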