-- Prevent members from modifying (cancelling or editing) reservations whose
-- session has already started. Admins bypass this via service-role updates;
-- the trigger only fires on connections where auth.uid() is a non-admin member.
-- For simplicity we enforce it for all non-service-role connections.

create or replace function public.prevent_past_reservation_updates()
returns trigger
language plpgsql
as $$
begin
  if old.start_time < now() then
    raise exception 'past_reservation: Reservations that have already started cannot be modified.';
  end if;
  return new;
end;
$$;

create trigger check_past_reservation_update
  before update on public.reservations
  for each row execute function public.prevent_past_reservation_updates();