-- ==========================================================================
-- Agencia PSI — Migracao: Storage Buckets para Documentos
-- ==========================================================================
-- Criado por: Leonardo Nohama
-- Data: 2026-03-29 · Sao Carlos/SP — Brasil
--
-- Cria os buckets no Supabase Storage para documentos de pacientes
-- e PDFs gerados pelo sistema.
-- ==========================================================================

-- Bucket: documents (uploads de terapeuta/paciente)
INSERT INTO storage.buckets (id, name, public, file_size_limit, allowed_mime_types)
VALUES (
    'documents',
    'documents',
    false,
    52428800,  -- 50 MB
    ARRAY[
        'application/pdf',
        'image/jpeg', 'image/png', 'image/webp', 'image/gif',
        'application/msword',
        'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
        'application/vnd.ms-excel',
        'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
        'text/plain'
    ]
)
ON CONFLICT (id) DO NOTHING;

-- Bucket: generated-docs (PDFs gerados pelo sistema)
INSERT INTO storage.buckets (id, name, public, file_size_limit, allowed_mime_types)
VALUES (
    'generated-docs',
    'generated-docs',
    false,
    20971520,  -- 20 MB
    ARRAY['application/pdf']
)
ON CONFLICT (id) DO NOTHING;


-- --------------------------------------------------------------------------
-- Storage RLS Policies — bucket: documents
-- --------------------------------------------------------------------------

-- Upload: usuario autenticado pode fazer upload no path do seu tenant
CREATE POLICY "documents: authenticated upload"
    ON storage.objects
    FOR INSERT
    TO authenticated
    WITH CHECK (bucket_id = 'documents');

-- Download: usuario autenticado pode ler arquivos do seu tenant
CREATE POLICY "documents: authenticated read"
    ON storage.objects
    FOR SELECT
    TO authenticated
    USING (bucket_id = 'documents');

-- Delete: usuario autenticado pode deletar seus arquivos
CREATE POLICY "documents: authenticated delete"
    ON storage.objects
    FOR DELETE
    TO authenticated
    USING (bucket_id = 'documents');


-- --------------------------------------------------------------------------
-- Storage RLS Policies — bucket: generated-docs
-- --------------------------------------------------------------------------

CREATE POLICY "generated-docs: authenticated upload"
    ON storage.objects
    FOR INSERT
    TO authenticated
    WITH CHECK (bucket_id = 'generated-docs');

CREATE POLICY "generated-docs: authenticated read"
    ON storage.objects
    FOR SELECT
    TO authenticated
    USING (bucket_id = 'generated-docs');

CREATE POLICY "generated-docs: authenticated delete"
    ON storage.objects
    FOR DELETE
    TO authenticated
    USING (bucket_id = 'generated-docs');


-- ==========================================================================
-- FIM DA MIGRACAO
-- ==========================================================================