-- RLS for garments and garment_wears
-- Run AFTER 0001_wardrobe_tables.sql has been applied
-- Apply as superuser: psql $DATABASE_URL_SUPERUSER -f drizzle/manual/06-wardrobe-rls.sql

ALTER TABLE garments      ENABLE ROW LEVEL SECURITY;
ALTER TABLE garment_wears ENABLE ROW LEVEL SECURITY;

-- Both tables carry family_id directly, so we use the same direct comparison
-- pattern as family_invites rather than the child_id subquery pattern.
-- FOR ALL with USING also enforces WITH CHECK on INSERT (prevents cross-family writes).
CREATE POLICY family_isolation ON garments
  FOR ALL USING (family_id = current_setting('app.current_family_id', true)::uuid);

CREATE POLICY family_isolation ON garment_wears
  FOR ALL USING (family_id = current_setting('app.current_family_id', true)::uuid);

-- W9: Saved outfits
ALTER TABLE outfits ENABLE ROW LEVEL SECURITY;

CREATE POLICY family_isolation ON outfits
  FOR ALL USING (family_id = current_setting('app.current_family_id', true)::uuid);