-- ============================================
-- SAAS-022: Goals RLS Policies
-- Tenant isolation for all tables
-- ============================================

-- ─────────────────────────────────────────────
-- Definitions RLS
-- ─────────────────────────────────────────────
ALTER TABLE goals.definitions ENABLE ROW LEVEL SECURITY;

CREATE POLICY definitions_tenant_isolation_select ON goals.definitions
    FOR SELECT USING (tenant_id = auth.get_current_tenant());

CREATE POLICY definitions_tenant_isolation_insert ON goals.definitions
    FOR INSERT WITH CHECK (tenant_id = auth.get_current_tenant());

CREATE POLICY definitions_tenant_isolation_update ON goals.definitions
    FOR UPDATE USING (tenant_id = auth.get_current_tenant());

CREATE POLICY definitions_tenant_isolation_delete ON goals.definitions
    FOR DELETE USING (tenant_id = auth.get_current_tenant());

-- ─────────────────────────────────────────────
-- Assignments RLS
-- ─────────────────────────────────────────────
ALTER TABLE goals.assignments ENABLE ROW LEVEL SECURITY;

CREATE POLICY assignments_tenant_isolation_select ON goals.assignments
    FOR SELECT USING (tenant_id = auth.get_current_tenant());

CREATE POLICY assignments_tenant_isolation_insert ON goals.assignments
    FOR INSERT WITH CHECK (tenant_id = auth.get_current_tenant());

CREATE POLICY assignments_tenant_isolation_update ON goals.assignments
    FOR UPDATE USING (tenant_id = auth.get_current_tenant());

CREATE POLICY assignments_tenant_isolation_delete ON goals.assignments
    FOR DELETE USING (tenant_id = auth.get_current_tenant());

-- ─────────────────────────────────────────────
-- Progress Log RLS
-- ─────────────────────────────────────────────
ALTER TABLE goals.progress_log ENABLE ROW LEVEL SECURITY;

CREATE POLICY progress_log_tenant_isolation_select ON goals.progress_log
    FOR SELECT USING (tenant_id = auth.get_current_tenant());

CREATE POLICY progress_log_tenant_isolation_insert ON goals.progress_log
    FOR INSERT WITH CHECK (tenant_id = auth.get_current_tenant());

CREATE POLICY progress_log_tenant_isolation_update ON goals.progress_log
    FOR UPDATE USING (tenant_id = auth.get_current_tenant());

CREATE POLICY progress_log_tenant_isolation_delete ON goals.progress_log
    FOR DELETE USING (tenant_id = auth.get_current_tenant());

-- ─────────────────────────────────────────────
-- Milestone Notifications RLS
-- ─────────────────────────────────────────────
ALTER TABLE goals.milestone_notifications ENABLE ROW LEVEL SECURITY;

CREATE POLICY milestone_notifications_tenant_isolation_select ON goals.milestone_notifications
    FOR SELECT USING (tenant_id = auth.get_current_tenant());

CREATE POLICY milestone_notifications_tenant_isolation_insert ON goals.milestone_notifications
    FOR INSERT WITH CHECK (tenant_id = auth.get_current_tenant());

CREATE POLICY milestone_notifications_tenant_isolation_update ON goals.milestone_notifications
    FOR UPDATE USING (tenant_id = auth.get_current_tenant());

CREATE POLICY milestone_notifications_tenant_isolation_delete ON goals.milestone_notifications
    FOR DELETE USING (tenant_id = auth.get_current_tenant());