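-- Storage setup for boat images: creates the bucket and the row-level security
-- policies on storage.objects that control who may read and write its objects.
-- NOTE(review): the bucket insert is re-runnable, but PostgreSQL has no
-- "create policy if not exists", so the policy statements fail if this script
-- is applied a second time.

-- Create the boat-images bucket: public, 10485760 bytes (10 MiB) per file,
-- JPEG/PNG/WebP only. image/svg+xml is not in the allow-list; keep it out unless
-- uploads are sanitised, since SVG can carry script and this bucket is public.
-- NOTE(review): "on conflict (id) do nothing" leaves an existing row untouched,
-- so a pre-existing 'boat-images' bucket keeps its current visibility, size
-- limit and MIME allow-list. Verify the live bucket settings after applying.
insert into storage.buckets (id, name, public, file_size_limit, allowed_mime_types)
values (
    'boat-images',
    'boat-images',
    true,
    10485760,
    array['image/jpeg', 'image/png', 'image/webp']
)
on conflict (id) do nothing;

-- Read access for every role, including unauthenticated requests.
-- NOTE(review): on Supabase a public bucket already serves objects through its
-- public URL without consulting RLS, so this policy is presumably not what makes
-- the images viewable. What it does grant is SELECT on this bucket's rows in
-- storage.objects, which lets any client list object names and metadata through
-- the storage API. Keep it only if API listing/download or upsert-style uploads
-- need it (confirm against the app); otherwise narrow or drop it.
create policy "Anyone can read boat images"
    on storage.objects
    for select
    using (bucket_id = 'boat-images');

-- Uploads: only members whose role is 'admin' or 'boatswain'.
-- Scoped to the authenticated role so anonymous requests are rejected by role
-- instead of relying on auth.uid() being null inside the subquery.
-- NOTE(review): authorization rests entirely on public.members.role, and the
-- policies on public.members are not visible here. Confirm that members cannot
-- change their own role or insert their own row, and that a member can read
-- their own row: the subquery runs with the caller's privileges, so RLS on
-- public.members applies to it.
create policy "Admins can upload boat images"
    on storage.objects
    for insert
    to authenticated
    with check (
        bucket_id = 'boat-images'
        and exists (
            select 1
            from public.members as m
            -- Columns are qualified so they cannot resolve to storage.objects.
            where m.user_id = auth.uid()
              and m.role in ('admin', 'boatswain')
        )
    );

-- Replace/update: same role requirement as uploads.
-- PostgreSQL reuses USING as WITH CHECK when WITH CHECK is omitted; it is
-- spelled out here so it is visible that the updated row must stay in
-- 'boat-images' and cannot be moved into another bucket.
create policy "Admins can update boat images"
    on storage.objects
    for update
    to authenticated
    using (
        bucket_id = 'boat-images'
        and exists (
            select 1
            from public.members as m
            where m.user_id = auth.uid()
              and m.role in ('admin', 'boatswain')
        )
    )
    with check (
        bucket_id = 'boat-images'
        and exists (
            select 1
            from public.members as m
            where m.user_id = auth.uid()
              and m.role in ('admin', 'boatswain')
        )
    );

-- Delete: same role requirement as uploads.
create policy "Admins can delete boat images"
    on storage.objects
    for delete
    to authenticated
    using (
        bucket_id = 'boat-images'
        and exists (
            select 1
            from public.members as m
            where m.user_id = auth.uid()
              and m.role in ('admin', 'boatswain')
        )
    );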