signature/supabase/migrations/002_storage.sql

-- Créer le bucket pour les images
INSERT INTO storage.buckets (id, name, public, file_size_limit, allowed_mime_types)
VALUES (
  'images',
  'images',
  true,
  5242880, -- 5MB max
  ARRAY['image/jpeg', 'image/png', 'image/gif', 'image/webp']
)
ON CONFLICT (id) DO NOTHING;

-- Politique: Tout le monde peut voir les images publiques
CREATE POLICY "Images publiques accessibles" ON storage.objects
  FOR SELECT USING (bucket_id = 'images');

-- Politique: Utilisateurs authentifiés peuvent uploader
CREATE POLICY "Users authentifies peuvent uploader" ON storage.objects
  FOR INSERT WITH CHECK (
    bucket_id = 'images'
    AND auth.role() = 'authenticated'
  );

-- Politique: Admins peuvent tout faire sur les images
CREATE POLICY "Admins gestion complete images" ON storage.objects
  FOR ALL USING (
    bucket_id = 'images'
    AND EXISTS (SELECT 1 FROM admins WHERE user_id = auth.uid())
  );

-- Politique: Users peuvent supprimer leurs propres uploads
CREATE POLICY "Users peuvent supprimer leurs images" ON storage.objects
  FOR DELETE USING (
    bucket_id = 'images'
    AND auth.uid()::text = (storage.foldername(name))[1]
  );