From 4ce2dc897531c939baa9b84865b9a52f19e1490c Mon Sep 17 00:00:00 2001
From: "gpt-engineer-app[bot]" <159125892+gpt-engineer-app[bot]@users.noreply.github.com>
Date: Wed, 29 Oct 2025 02:06:15 +0000
Subject: [PATCH] Fix auth policies and consolidate
---
...2_57105525-e345-46e2-830d-39d3c653fe51.sql | 38 +++++++++++++++++++
1 file changed, 38 insertions(+)
create mode 100644 supabase/migrations/20251029020602_57105525-e345-46e2-830d-39d3c653fe51.sql
diff --git a/supabase/migrations/20251029020602_57105525-e345-46e2-830d-39d3c653fe51.sql b/supabase/migrations/20251029020602_57105525-e345-46e2-830d-39d3c653fe51.sql
new file mode 100644
index 00000000..e64f5291
--- /dev/null
+++ b/supabase/migrations/20251029020602_57105525-e345-46e2-830d-39d3c653fe51.sql
@@ -0,0 +1,38 @@
+-- Phase 6: Auth Function Optimization & Duplicate Policy Cleanup
+-- Part A: Fix auth_rls_initplan warnings (2 policies)
+
+-- 1. Optimize email_aliases.email_aliases_select_admin
+DROP POLICY IF EXISTS "email_aliases_select_admin" ON public.email_aliases;
+CREATE POLICY "email_aliases_select_admin" ON public.email_aliases
+ FOR SELECT
+ USING (
+ (COALESCE((((SELECT auth.jwt()) ->> 'is_admin'::text))::boolean, false) = true)
+ AND has_aal2()
+ );
+
+-- 2. Optimize contact_submissions "Users can view own contact submissions"
+DROP POLICY IF EXISTS "Users can view own contact submissions" ON public.contact_submissions;
+CREATE POLICY "Users can view own contact submissions" ON public.contact_submissions
+ FOR SELECT
+ USING (
+ ((SELECT auth.uid()) = user_id)
+ OR (((SELECT auth.uid()) IS NOT NULL) AND (email = ((SELECT auth.jwt()) ->> 'email'::text)))
+ );
+
+-- Part B: Remove duplicate policies (8 policies)
+
+-- Group 1: Remove short-named duplicate policies on tech specs tables
+DROP POLICY IF EXISTS "Public read model tech specs" ON public.ride_model_technical_specifications;
+DROP POLICY IF EXISTS "Moderators manage model tech specs" ON public.ride_model_technical_specifications;
+
+DROP POLICY IF EXISTS "Public read name history" ON public.ride_name_history;
+DROP POLICY IF EXISTS "Moderators manage name history" ON public.ride_name_history;
+
+DROP POLICY IF EXISTS "Public read ride tech specs" ON public.ride_technical_specifications;
+DROP POLICY IF EXISTS "Moderators manage ride tech specs" ON public.ride_technical_specifications;
+
+-- Group 2: Remove overlapping moderator view policy on profiles
+DROP POLICY IF EXISTS "Admins and moderators can view all profiles" ON public.profiles;
+
+-- Group 3: Consolidate list_items policies (ALL command already includes SELECT)
+DROP POLICY IF EXISTS "Users view own list items" ON public.list_items;
\ No newline at end of file
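Review bot: The second branch of "Users can view own contact submissions" treats the JWT `email` claim as proof of ownership, so any session whose claim equals a row's `email` can read that submission regardless of the row's `user_id`. Whether that is safe depends on settings this migration does not show: email confirmation has to be enforced at sign-up and on email change, otherwise the claim is only a self-asserted address. I would record that assumption above the policy, e.g. `-- email match assumes auth emails are confirmed before a session is issued`, or drop the email branch and rely on `user_id` alone. Both recreated policies also omit a role clause and so apply to every role; `FOR SELECT TO authenticated` would stop them being evaluated for anonymous requests. The `is_admin` test in `email_aliases_select_admin` reads a top-level claim, so it is worth confirming that the claim is set server-side and never copied from user-editable metadata.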