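-- Drop the overly-broad SELECT policy that allowed any authenticated user to read
-- all reservations. Non-owner visibility is now handled by the reservation_slots
-- view (security_invoker, exposes only id/boat_id/start_time/end_time/status).
--
-- NOTE(review): a security_invoker view evaluates row-level security on
-- public.reservations as the calling user, so once this policy is gone the view
-- returns only the rows that the remaining SELECT policies grant to that caller.
-- The view definition and the other policies are not visible in this file:
-- confirm that non-owners still get the intended slot visibility, and that
-- whatever grants it does not re-open direct reads of full reservation rows.
--
-- IF EXISTS turns a mismatched policy name into a silent no-op, which would leave
-- the broad policy in place. After migrating, check pg_policies for
-- public.reservations to confirm the policy is actually gone.
--
-- The statement sits on its own line so it is not swallowed by the "--" comment
-- above it (a line comment runs to the end of the physical line).
drop policy if exists "Authenticated users can read non-private reservation slots"
    on public.reservations;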