@nextblock-cms/db 0.2.8 → 0.2.10

package/supabase/migrations/20250514171550_create_posts_table.sql

@@ -1,61 +0,0 @@
--- lowercase sql
-
-create table public.posts (
-  id bigint generated by default as identity primary key,
-  language_id bigint not null references public.languages(id) on delete cascade,
-  author_id uuid references public.profiles(id) on delete set null,
-  title text not null,
-  slug text not null,
-  excerpt text,
-  status public.page_status not null default 'draft', -- reuse page_status
-  published_at timestamp with time zone,
-  meta_title text,
-  meta_description text,
-  created_at timestamp with time zone not null default now(),
-  updated_at timestamp with time zone not null default now()
-);
-
-comment on table public.posts is 'stores blog posts or news articles.';
-comment on column public.posts.slug is 'url-friendly identifier, unique per language.';
-comment on column public.posts.excerpt is 'a short summary of the post.';
-comment on column public.posts.published_at is 'date and time for publication.';
-
-alter table public.posts
-  add constraint posts_language_id_slug_key unique (language_id, slug);
-
-alter table public.posts enable row level security;
-
-create policy "posts_are_publicly_readable_when_published"
-on public.posts for select
-to anon, authenticated
-using (status = 'published' and (published_at is null or published_at <= now()));
-
-create policy "authors_writers_admins_can_read_own_draft_posts"
-on public.posts for select
-to authenticated
-using (
-  (status <> 'published' and author_id = auth.uid()) or
-  (status <> 'published'and public.get_current_user_role() in ('ADMIN', 'WRITER'))
-);
-
-create policy "admins_and_writers_can_manage_posts"
-on public.posts for all
-to authenticated
-using (public.get_current_user_role() in ('ADMIN', 'WRITER'))
-with check (public.get_current_user_role() in ('ADMIN', 'WRITER'));
-
-create or replace function public.handle_posts_update()
-returns trigger
-language plpgsql
-security definer set search_path = public
-as $$
-begin
-  new.updated_at = now();
-  return new;
-end;
-$$;
-
-create trigger on_posts_update
-  before update on public.posts
-  for each row
-  execute procedure public.handle_posts_update();

package/supabase/migrations/20250514171552_create_media_table.sql

@@ -1,45 +0,0 @@
--- lowercase sql
-
-create table public.media (
-  id uuid primary key default gen_random_uuid(),
-  uploader_id uuid references public.profiles(id) on delete set null,
-  file_name text not null,
-  object_key text not null unique,
-  file_type text,
-  size_bytes bigint,
-  description text,
-  created_at timestamp with time zone not null default now(),
-  updated_at timestamp with time zone not null default now()
-);
-
-comment on table public.media is 'stores information about uploaded media assets.';
-comment on column public.media.object_key is 'unique key (path) in cloudflare r2.';
-
-alter table public.media enable row level security;
-
-create policy "media_is_readable_by_all"
-on public.media for select
-to anon, authenticated
-using (true);
-
-create policy "admins_and_writers_can_manage_media"
-on public.media for all
-to authenticated
-using (public.get_current_user_role() in ('ADMIN', 'WRITER'))
-with check (public.get_current_user_role() in ('ADMIN', 'WRITER'));
-
-create or replace function public.handle_media_update()
-returns trigger
-language plpgsql
-security definer set search_path = public
-as $$
-begin
-  new.updated_at = now();
-  return new;
-end;
-$$;
-
-create trigger on_media_update
-  before update on public.media
-  for each row
-  execute procedure public.handle_media_update();

package/supabase/migrations/20250514171553_create_blocks_table.sql

@@ -1,54 +0,0 @@
--- lowercase sql
-
-create table public.blocks (
-  id bigint generated by default as identity primary key,
-  page_id bigint references public.pages(id) on delete cascade,
-  post_id bigint references public.posts(id) on delete cascade,
-  language_id bigint not null references public.languages(id) on delete cascade,
-  block_type text not null,
-  content jsonb,
-  "order" integer not null default 0,
-  created_at timestamp with time zone not null default now(),
-  updated_at timestamp with time zone not null default now(),
-  constraint check_exactly_one_parent check (
-    (page_id is not null and post_id is null) or
-    (post_id is not null and page_id is null)
-  )
-);
-
-comment on table public.blocks is 'stores content blocks for pages and posts.';
-comment on column public.blocks.block_type is 'type of the block, e.g., "text", "image".';
-comment on column public.blocks.content is 'jsonb content specific to the block_type.';
-comment on column public.blocks.order is 'sort order of the block.';
-
-alter table public.blocks enable row level security;
-
-create policy "blocks_are_readable_if_parent_is_published"
-on public.blocks for select
-to anon, authenticated
-using (
-  (page_id is not null and exists(select 1 from public.pages p where p.id = blocks.page_id and p.status = 'published')) or
-  (post_id is not null and exists(select 1 from public.posts pt where pt.id = blocks.post_id and pt.status = 'published' and (pt.published_at is null or pt.published_at <= now())))
-);
-
-create policy "admins_and_writers_can_manage_blocks"
-on public.blocks for all
-to authenticated
-using (public.get_current_user_role() in ('ADMIN', 'WRITER'))
-with check (public.get_current_user_role() in ('ADMIN', 'WRITER'));
-
-create or replace function public.handle_blocks_update()
-returns trigger
-language plpgsql
-security definer set search_path = public
-as $$
-begin
-  new.updated_at = now();
-  return new;
-end;
-$$;
-
-create trigger on_blocks_update
-  before update on public.blocks
-  for each row
-  execute procedure public.handle_blocks_update();

package/supabase/migrations/20250514171615_create_navigation_table.sql

@@ -1,56 +0,0 @@
--- lowercase sql
-
-do $$
-begin
-  if not exists (select 1 from pg_type where typname = 'menu_location') then
-    create type public.menu_location as enum ('HEADER', 'FOOTER', 'SIDEBAR');
-  end if;
-end
-$$;
-
-create table public.navigation_items (
-  id bigint generated by default as identity primary key,
-  language_id bigint not null references public.languages(id) on delete cascade,
-  menu_key public.menu_location not null,
-  label text not null,
-  url text not null,
-  parent_id bigint references public.navigation_items(id) on delete cascade,
-  "order" integer not null default 0,
-  page_id bigint references public.pages(id) on delete set null,
-  created_at timestamp with time zone not null default now(),
-  updated_at timestamp with time zone not null default now()
-);
-
-comment on table public.navigation_items is 'stores navigation menu items.';
-comment on column public.navigation_items.menu_key is 'identifies the menu this item belongs to.';
-
-create index idx_navigation_items_menu_lang_order on public.navigation_items (menu_key, language_id, "order");
-
-alter table public.navigation_items enable row level security;
-
-create policy "navigation_is_publicly_readable"
-on public.navigation_items for select
-to anon, authenticated
-using (true);
-
-create policy "admins_can_manage_navigation"
-on public.navigation_items for all
-to authenticated
-using (public.get_current_user_role() = 'ADMIN')
-with check (public.get_current_user_role() = 'ADMIN');
-
-create or replace function public.handle_navigation_items_update()
-returns trigger
-language plpgsql
-security definer set search_path = public
-as $$
-begin
-  new.updated_at = now();
-  return new;
-end;
-$$;
-
-create trigger on_navigation_items_update
-  before update on public.navigation_items
-  for each row
-  execute procedure public.handle_navigation_items_update();

package/supabase/migrations/20250514171627_rls_policies_for_content_tables.sql

@@ -1,70 +0,0 @@
--- supabase/migrations/YYYYMMDDHHMMSS_rls_policies_for_content_tables.sql
--- lowercase sql
-
-begin;
-
---
--- Pages Table RLS
---
-alter table public.pages enable row level security;
-
-drop policy if exists "authors_writers_admins_can_read_own_or_all_drafts" on public.pages;
--- allow authenticated users (authors, writers, admins) to read their own or all non-published pages
-create policy "authors_writers_admins_can_read_own_or_all_drafts"
-on public.pages for select
-to authenticated
-using (
-  (status <> 'published' and author_id = auth.uid()) or -- author can read their own non-published
-  (status <> 'published' and public.get_current_user_role() in ('ADMIN', 'WRITER')) -- admins/writers can read all non-published
-);
-
---
--- Posts Table RLS
---
-alter table public.posts enable row level security;
-
-drop policy if exists "authors_writers_admins_can_read_own_or_all_draft_posts" on public.posts;
--- allow authenticated users (authors, writers, admins) to read their own or all non-published posts
-create policy "authors_writers_admins_can_read_own_or_all_draft_posts"
-on public.posts for select
-to authenticated
-using (
-  (status <> 'published' and author_id = auth.uid()) or
-  (status <> 'published'and public.get_current_user_role() in ('ADMIN', 'WRITER'))
-);
-
---
--- Media Table RLS
---
-alter table public.media enable row level security;
-
-
---
--- Blocks Table RLS
---
-alter table public.blocks enable row level security;
-
-drop policy if exists "blocks_are_readable_if_parent_is_published" on public.blocks;
--- allow anonymous and authenticated users to read blocks if their parent page/post is published
-create policy "blocks_are_readable_if_parent_is_published"
-on public.blocks for select
-to anon, authenticated
-using (
-  (page_id is not null and exists(select 1 from public.pages p where p.id = blocks.page_id and p.status = 'published')) or
-  (post_id is not null and exists(select 1 from public.posts pt where pt.id = blocks.post_id and pt.status = 'published' and (pt.published_at is null or pt.published_at <= now())))
-);
-
--- allow admins and writers to insert, update, delete blocks
-drop policy if exists "admins_and_writers_can_manage_blocks" on public.blocks;
-create policy "admins_and_writers_can_manage_blocks"
-on public.blocks for all
-to authenticated
-using (public.get_current_user_role() in ('ADMIN', 'WRITER'))
-with check (public.get_current_user_role() in ('ADMIN', 'WRITER'));
-
---
--- Navigation Items Table RLS
---
-alter table public.navigation_items enable row level security;
-
-commit;

package/supabase/migrations/20250515194800_add_translation_group_id.sql

@@ -1,39 +0,0 @@
--- supabase/migrations/YYYYMMDDHHMMSS_add_translation_group_id.sql
-
-ALTER TABLE public.pages
-ADD COLUMN translation_group_id UUID DEFAULT gen_random_uuid() NOT NULL;
-
-COMMENT ON COLUMN public.pages.translation_group_id IS 'Groups different language versions of the same conceptual page.';
-
-CREATE INDEX IF NOT EXISTS idx_pages_translation_group_id ON public.pages(translation_group_id);
-
--- For existing pages, you'll need to manually group them.
--- Example: If page ID 1 (EN) and page ID 10 (FR) are the same conceptual page:
--- UPDATE public.pages SET translation_group_id = (SELECT translation_group_id FROM public.pages WHERE id = 1) WHERE id = 10;
--- Or, for all pages that share a slug currently (from the previous model):
--- WITH slug_groups AS (
---   SELECT slug, MIN(id) as first_id, gen_random_uuid() as new_group_id
---   FROM public.pages
---   GROUP BY slug
---   HAVING COUNT(*) > 1 -- Only for slugs that were shared
--- )
--- UPDATE public.pages p
--- SET translation_group_id = sg.new_group_id
--- FROM slug_groups sg
--- WHERE p.slug = sg.slug;
---
--- UPDATE public.pages p
--- SET translation_group_id = gen_random_uuid()
--- WHERE p.translation_group_id IS NULL AND EXISTS (
---   SELECT 1 FROM (
---     SELECT slug, COUNT(*) as c FROM public.pages GROUP BY slug
---   ) counts WHERE counts.slug = p.slug AND counts.c = 1
--- );
-
-
-ALTER TABLE public.posts
-ADD COLUMN translation_group_id UUID DEFAULT gen_random_uuid() NOT NULL;
-
-COMMENT ON COLUMN public.posts.translation_group_id IS 'Groups different language versions of the same conceptual post.';
-
-CREATE INDEX IF NOT EXISTS idx_posts_translation_group_id ON public.posts(translation_group_id);

package/supabase/migrations/20250520171900_add_translation_group_to_nav_items.sql

@@ -1,21 +0,0 @@
--- supabase/migrations/YYYYMMDDHHMMSS_add_translation_group_to_nav_items.sql
--- Replace YYYYMMDDHHMMSS with the actual timestamp, e.g., 20250520171700
-
-ALTER TABLE public.navigation_items
-ADD COLUMN translation_group_id UUID DEFAULT gen_random_uuid() NOT NULL;
-
-COMMENT ON COLUMN public.navigation_items.translation_group_id IS 'Groups different language versions of the same conceptual navigation item.';
-
-CREATE INDEX IF NOT EXISTS idx_navigation_items_translation_group_id ON public.navigation_items(translation_group_id);
-
--- Note: For existing navigation items, you will need to manually group them if they are translations of each other.
--- For example, if item ID 5 (EN) and item ID 25 (FR) are the same conceptual link:
--- UPDATE public.navigation_items SET translation_group_id = (SELECT translation_group_id FROM public.navigation_items WHERE id = 5 LIMIT 1) WHERE id = 25;
--- Or, assign a new group ID to both if they weren't grouped yet:
--- WITH new_group AS (SELECT gen_random_uuid() as new_id)
--- UPDATE public.navigation_items
--- SET translation_group_id = (SELECT new_id FROM new_group)
--- WHERE id IN (5, 25);
---
--- It's recommended to do this grouping manually based on your existing data logic.
--- New items created through the updated CMS logic will automatically get grouped.

package/supabase/migrations/20250521143933_seed_homepage_and_nav.sql

@@ -1,64 +0,0 @@
--- supabase/migrations/YYYYMMDDHHMMSS_seed_homepage_and_nav.sql
--- Replace YYYYMMDDHHMMSS with the actual timestamp, e.g., 20250521100000
-
-DO $$
-DECLARE
-  en_lang_id BIGINT;
-  fr_lang_id BIGINT;
-  admin_user_id UUID;
-  home_page_translation_group UUID;
-  home_nav_translation_group UUID;
-  en_home_page_id BIGINT;
-  fr_home_page_id BIGINT;
-BEGIN
-  -- Get language IDs
-  SELECT id INTO en_lang_id FROM public.languages WHERE code = 'en' LIMIT 1;
-  SELECT id INTO fr_lang_id FROM public.languages WHERE code = 'fr' LIMIT 1;
-
-  -- Get an admin user ID to set as author (optional, fallback to NULL)
-  SELECT id INTO admin_user_id FROM public.profiles WHERE role = 'ADMIN' LIMIT 1;
-
-  -- Check if languages were found
-  IF en_lang_id IS NULL THEN
-    RAISE EXCEPTION 'English language (en) not found. Please seed languages first.';
-  END IF;
-  IF fr_lang_id IS NULL THEN
-    RAISE EXCEPTION 'French language (fr) not found. Please seed languages first.';
-  END IF;
-
-  -- Generate translation group UUIDs
-  home_page_translation_group := gen_random_uuid();
-  home_nav_translation_group := gen_random_uuid();
-
-  -- Seed English Homepage
-  INSERT INTO public.pages (language_id, author_id, title, slug, status, meta_title, meta_description, translation_group_id)
-  VALUES (en_lang_id, admin_user_id, 'Home', 'home', 'published', 'Homepage', 'This is the homepage.', home_page_translation_group)
-  RETURNING id INTO en_home_page_id;
-
-  -- Seed French Homepage (Accueil)
-  INSERT INTO public.pages (language_id, author_id, title, slug, status, meta_title, meta_description, translation_group_id)
-  VALUES (fr_lang_id, admin_user_id, 'Accueil', 'accueil', 'published', 'Page d''accueil', 'Ceci est la page d''accueil.', home_page_translation_group)
-  RETURNING id INTO fr_home_page_id;
-
-  -- Seed initial content block for English Homepage (optional)
-  IF en_home_page_id IS NOT NULL THEN
-    INSERT INTO public.blocks (page_id, language_id, block_type, content, "order")
-    VALUES (en_home_page_id, en_lang_id, 'text', '{"html_content": "<p>Welcome to the English homepage!</p><p>This content is dynamically managed by the CMS.</p>"}', 0);
-  END IF;
-
-  -- Seed initial content block for French Homepage (optional)
-  IF fr_home_page_id IS NOT NULL THEN
-    INSERT INTO public.blocks (page_id, language_id, block_type, content, "order")
-    VALUES (fr_home_page_id, fr_lang_id, 'text', '{"html_content": "<p>Bienvenue sur la page d''accueil en français !</p><p>Ce contenu est géré dynamiquement par le CMS.</p>"}', 0);
-  END IF;
-
-  -- Seed English Navigation Item for Homepage (linked to the English page, but URL is root)
-  INSERT INTO public.navigation_items (language_id, menu_key, label, url, "order", page_id, translation_group_id)
-  VALUES (en_lang_id, 'HEADER', 'Home', '/', 0, en_home_page_id, home_nav_translation_group);
-
-  -- Seed French Navigation Item for Homepage (linked to the French page, but URL is root)
-  INSERT INTO public.navigation_items (language_id, menu_key, label, url, "order", page_id, translation_group_id)
-  VALUES (fr_lang_id, 'HEADER', 'Accueil', '/', 0, fr_home_page_id, home_nav_translation_group);
-
-  RAISE NOTICE 'Homepage and navigation links seeded for EN and FR.';
-END $$;

package/supabase/migrations/20250523145833_add_feature_image_to_posts.sql

@@ -1,8 +0,0 @@
-ALTER TABLE public.posts
-ADD COLUMN feature_image_id UUID,
-ADD CONSTRAINT fk_feature_image
-    FOREIGN KEY (feature_image_id)
-    REFERENCES public.media(id)
-    ON DELETE SET NULL;
-
-COMMENT ON COLUMN public.posts.feature_image_id IS 'ID of the media item to be used as the post''s feature image.';

package/supabase/migrations/20250523151737_add_rls_to_media_table.sql

@@ -1,18 +0,0 @@
--- Drop existing policies if they exist, then recreate them.
-
--- Policy for public read access
-DROP POLICY IF EXISTS "media_are_publicly_readable" ON public.media;
-
-CREATE POLICY "media_are_publicly_readable"
-ON public.media FOR SELECT
-TO anon, authenticated
-USING (true);
-
--- Policy for admin/writer management
-DROP POLICY IF EXISTS "admins_and_writers_can_manage_media" ON public.media;
-
-CREATE POLICY "admins_and_writers_can_manage_media"
-ON public.media FOR ALL
-TO authenticated
-USING (public.get_current_user_role() IN ('ADMIN', 'WRITER'))
-WITH CHECK (public.get_current_user_role() IN ('ADMIN', 'WRITER'));

package/supabase/migrations/20250526110400_add_image_dimensions_to_media.sql

@@ -1,14 +0,0 @@
-ALTER TABLE public.media
-ADD COLUMN width INTEGER,
-ADD COLUMN height INTEGER;
-
--- Optional: Add a comment to describe the new columns
-COMMENT ON COLUMN public.media.width IS 'Width of the image in pixels.';
-COMMENT ON COLUMN public.media.height IS 'Height of the image in pixels.';
-
--- Backfill existing image media with nulls, or you might want to run a script later to populate them if possible
--- For now, they will be NULL by default.
-
--- Re-apply RLS policies if necessary, though ADD COLUMN usually doesn't require it unless policies are column-specific
--- and these new columns need to be included or excluded.
--- For simplicity, assuming existing policies are fine.

package/supabase/migrations/20250526153321_optimize_rls_policies.sql

@@ -1,188 +0,0 @@
--- supabase/migrations/YYYYMMDDHHMMSS_optimize_rls_policies_v2.sql
--- Replace YYYYMMDDHHMMSS with the actual timestamp of this migration file.
-
-BEGIN;
-
--- == PROFILES ==
-DROP POLICY IF EXISTS "users_can_select_own_profile" ON public.profiles;
-DROP POLICY IF EXISTS "users_can_update_own_profile" ON public.profiles;
-DROP POLICY IF EXISTS "admins_can_select_any_profile" ON public.profiles;
-DROP POLICY IF EXISTS "admins_can_update_any_profile" ON public.profiles;
-
-CREATE POLICY "authenticated_can_read_profiles" ON public.profiles
-  FOR SELECT
-  TO authenticated
-  USING (
-    (id = (SELECT auth.uid())) OR
-    (public.get_current_user_role() = 'ADMIN')
-  );
-COMMENT ON POLICY "authenticated_can_read_profiles" ON public.profiles IS 'Authenticated users can read their own profile, and admins can read any profile.';
-
-CREATE POLICY "authenticated_can_update_profiles" ON public.profiles
-  FOR UPDATE
-  TO authenticated
-  USING (
-    (id = (SELECT auth.uid())) OR
-    (public.get_current_user_role() = 'ADMIN')
-  )
-  WITH CHECK (
-    (id = (SELECT auth.uid())) OR
-    (public.get_current_user_role() = 'ADMIN')
-  );
-COMMENT ON POLICY "authenticated_can_update_profiles" ON public.profiles IS 'Authenticated users can update their own profile, and admins can update any profile.';
-
--- Ensure admin insert policy is present and correct (it typically uses WITH CHECK on the role, not USING for insert)
-DROP POLICY IF EXISTS "admins_can_insert_profiles" ON public.profiles;
-CREATE POLICY "admins_can_insert_profiles" ON public.profiles
-    FOR INSERT TO authenticated
-    WITH CHECK (public.get_current_user_role() = 'ADMIN');
-COMMENT ON POLICY "admins_can_insert_profiles" ON public.profiles IS 'Admin users can insert new profiles.';
-
-
--- == PAGES ==
-DROP POLICY IF EXISTS "pages_are_publicly_readable_when_published" ON public.pages;
-DROP POLICY IF EXISTS "authors_writers_admins_can_read_own_drafts" ON public.pages;
-DROP POLICY IF EXISTS "authors_writers_admins_can_read_own_or_all_drafts" ON public.pages;
-DROP POLICY IF EXISTS "admins_and_writers_can_manage_pages" ON public.pages;
-
-CREATE POLICY "pages_anon_can_read_published" ON public.pages
-  FOR SELECT
-  TO anon
-  USING (status = 'published');
-COMMENT ON POLICY "pages_anon_can_read_published" ON public.pages IS 'Anonymous users can read published pages.';
-
-CREATE POLICY "pages_authenticated_access" ON public.pages
-  FOR SELECT
-  TO authenticated
-  USING (
-    (status = 'published') OR
-    (author_id = (SELECT auth.uid()) AND status <> 'published') OR
-    (public.get_current_user_role() IN ('ADMIN', 'WRITER'))
-  );
-COMMENT ON POLICY "pages_authenticated_access" ON public.pages IS 'Authenticated users can read published pages, their own drafts, or all pages if admin/writer.';
-
-CREATE POLICY "pages_admin_writer_management" ON public.pages
-  FOR ALL -- Changed from INSERT, UPDATE, DELETE
-  TO authenticated
-  USING (public.get_current_user_role() IN ('ADMIN', 'WRITER'))
-  WITH CHECK (public.get_current_user_role() IN ('ADMIN', 'WRITER'));
-COMMENT ON POLICY "pages_admin_writer_management" ON public.pages IS 'Admins and Writers can manage pages.';
-
-
--- == POSTS ==
-DROP POLICY IF EXISTS "posts_are_publicly_readable_when_published" ON public.posts;
-DROP POLICY IF EXISTS "authors_writers_admins_can_read_own_draft_posts" ON public.posts;
-DROP POLICY IF EXISTS "authors_writers_admins_can_read_own_or_all_draft_posts" ON public.posts;
-DROP POLICY IF EXISTS "admins_and_writers_can_manage_posts" ON public.posts;
-
-CREATE POLICY "posts_anon_can_read_published" ON public.posts
-  FOR SELECT
-  TO anon
-  USING (status = 'published' AND (published_at IS NULL OR published_at <= now()));
-COMMENT ON POLICY "posts_anon_can_read_published" ON public.posts IS 'Anonymous users can read published posts.';
-
-CREATE POLICY "posts_authenticated_access" ON public.posts
-  FOR SELECT
-  TO authenticated
-  USING (
-    (status = 'published' AND (published_at IS NULL OR published_at <= now())) OR
-    (author_id = (SELECT auth.uid()) AND status <> 'published') OR
-    (public.get_current_user_role() IN ('ADMIN', 'WRITER'))
-  );
-COMMENT ON POLICY "posts_authenticated_access" ON public.posts IS 'Authenticated users can read published posts, their own drafts, or all posts if admin/writer.';
-
-CREATE POLICY "posts_admin_writer_management" ON public.posts
-  FOR ALL -- Changed from INSERT, UPDATE, DELETE
-  TO authenticated
-  USING (public.get_current_user_role() IN ('ADMIN', 'WRITER'))
-  WITH CHECK (public.get_current_user_role() IN ('ADMIN', 'WRITER'));
-COMMENT ON POLICY "posts_admin_writer_management" ON public.posts IS 'Admins and Writers can manage posts.';
-
-
--- == BLOCKS ==
-DROP POLICY IF EXISTS "blocks_are_readable_if_parent_is_published" ON public.blocks;
-DROP POLICY IF EXISTS "admins_and_writers_can_manage_blocks" ON public.blocks;
-
-CREATE POLICY "blocks_anon_can_read_published" ON public.blocks
-  FOR SELECT
-  TO anon
-  USING (
-    (page_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.pages p WHERE p.id = blocks.page_id AND p.status = 'published')) OR
-    (post_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.posts pt WHERE pt.id = blocks.post_id AND pt.status = 'published' AND (pt.published_at IS NULL OR pt.published_at <= now())))
-  );
-COMMENT ON POLICY "blocks_anon_can_read_published" ON public.blocks IS 'Anonymous users can read blocks of published parent pages/posts.';
-
-CREATE POLICY "blocks_authenticated_access" ON public.blocks
-  FOR SELECT
-  TO authenticated
-  USING (
-    (public.get_current_user_role() IN ('ADMIN', 'WRITER')) OR
-    (
-      (public.get_current_user_role() = 'USER') AND (
-        (page_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.pages p WHERE p.id = blocks.page_id AND p.status = 'published')) OR
-        (post_id IS NOT NULL AND EXISTS(SELECT 1 FROM public.posts pt WHERE pt.id = blocks.post_id AND pt.status = 'published' AND (pt.published_at IS NULL OR pt.published_at <= now())))
-      )
-    )
-  );
-COMMENT ON POLICY "blocks_authenticated_access" ON public.blocks IS 'Admins/Writers can read all blocks; Users can read blocks of published parents.';
-
-CREATE POLICY "blocks_admin_writer_management" ON public.blocks
-  FOR ALL -- Changed from INSERT, UPDATE, DELETE
-  TO authenticated
-  USING (public.get_current_user_role() IN ('ADMIN', 'WRITER'))
-  WITH CHECK (public.get_current_user_role() IN ('ADMIN', 'WRITER'));
-COMMENT ON POLICY "blocks_admin_writer_management" ON public.blocks IS 'Admins and Writers can manage blocks.';
-
-
--- == LANGUAGES ==
-DROP POLICY IF EXISTS "languages_are_publicly_readable" ON public.languages;
-DROP POLICY IF EXISTS "admins_can_manage_languages" ON public.languages;
-
-CREATE POLICY "languages_are_publicly_readable_by_all" ON public.languages
-  FOR SELECT
-  USING (true);
-COMMENT ON POLICY "languages_are_publicly_readable_by_all" ON public.languages IS 'All users (anon and authenticated) can read languages.';
-
-CREATE POLICY "languages_admin_management" ON public.languages
-  FOR ALL -- Changed from INSERT, UPDATE, DELETE
-  TO authenticated
-  USING (public.get_current_user_role() = 'ADMIN')
-  WITH CHECK (public.get_current_user_role() = 'ADMIN');
-COMMENT ON POLICY "languages_admin_management" ON public.languages IS 'Admins can manage languages.';
-
-
--- == MEDIA ==
-DROP POLICY IF EXISTS "media_is_readable_by_all" ON public.media;
-DROP POLICY IF EXISTS "media_are_publicly_readable" ON public.media;
-DROP POLICY IF EXISTS "admins_and_writers_can_manage_media" ON public.media;
-
-CREATE POLICY "media_is_publicly_readable_by_all" ON public.media
-  FOR SELECT
-  USING (true);
-COMMENT ON POLICY "media_is_publicly_readable_by_all" ON public.media IS 'All users (anon and authenticated) can read media records.';
-
-CREATE POLICY "media_admin_writer_management" ON public.media
-  FOR ALL -- Changed from INSERT, UPDATE, DELETE
-  TO authenticated
-  USING (public.get_current_user_role() IN ('ADMIN', 'WRITER'))
-  WITH CHECK (public.get_current_user_role() IN ('ADMIN', 'WRITER'));
-COMMENT ON POLICY "media_admin_writer_management" ON public.media IS 'Admins and Writers can manage media records.';
-
-
--- == NAVIGATION ITEMS ==
-DROP POLICY IF EXISTS "navigation_is_publicly_readable" ON public.navigation_items;
-DROP POLICY IF EXISTS "admins_can_manage_navigation" ON public.navigation_items;
-
-CREATE POLICY "nav_items_are_publicly_readable_by_all" ON public.navigation_items
-  FOR SELECT
-  USING (true);
-COMMENT ON POLICY "nav_items_are_publicly_readable_by_all" ON public.navigation_items IS 'All users (anon and authenticated) can read navigation items.';
-
-CREATE POLICY "nav_items_admin_management" ON public.navigation_items
-  FOR ALL -- Changed from INSERT, UPDATE, DELETE
-  TO authenticated
-  USING (public.get_current_user_role() = 'ADMIN')
-  WITH CHECK (public.get_current_user_role() = 'ADMIN');
-COMMENT ON POLICY "nav_items_admin_management" ON public.navigation_items IS 'Admins can manage navigation items.';
-
-COMMIT;