From 4d21dc4435abbe3b5340737ea6345ab2fcdb590c Mon Sep 17 00:00:00 2001
From: "gpt-engineer-app[bot]" <159125892+gpt-engineer-app[bot]@users.noreply.github.com>
Date: Tue, 28 Oct 2025 18:25:06 +0000
Subject: [PATCH] Fix RLS policy for contact submissions
---
...2449_4ee01789-9915-461d-8044-a15063276d54.sql | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
create mode 100644 supabase/migrations/20251028182449_4ee01789-9915-461d-8044-a15063276d54.sql
diff --git a/supabase/migrations/20251028182449_4ee01789-9915-461d-8044-a15063276d54.sql b/supabase/migrations/20251028182449_4ee01789-9915-461d-8044-a15063276d54.sql
new file mode 100644
index 00000000..dc2b5c68
--- /dev/null
+++ b/supabase/migrations/20251028182449_4ee01789-9915-461d-8044-a15063276d54.sql
@@ -0,0 +1,16 @@
+-- Fix RLS policy that's causing "permission denied for table users" error
+-- The issue is the policy tries to SELECT from auth.users which isn't allowed
+
+-- Drop the problematic policy
+DROP POLICY IF EXISTS "Users can view own contact submissions" ON public.contact_submissions;
+
+-- Recreate it using auth.jwt() to get email instead of querying auth.users
+CREATE POLICY "Users can view own contact submissions"
+ON public.contact_submissions
+FOR SELECT
+TO public
+USING (
+ user_id = auth.uid()
+ OR
+ (auth.uid() IS NOT NULL AND email = (auth.jwt() ->> 'email'))
+);
\ No newline at end of file
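Review bot: The email branch of the USING clause treats `auth.jwt() ->> 'email'` as proof of ownership, so the policy is only as strong as the project's email verification: if sign-up or email change is allowed without confirmation (not visible in this migration), an account registered under someone else's address can read every submission carrying that address. The claim is also fixed when the token is issued, so it can lag behind an email change until the session refreshes. Both branches already require a signed-in user, so `TO authenticated` in place of `TO public` states the intent and keeps the anon role out of policy evaluation. I would also add a comment above the policy such as `-- Email match relies on confirmed emails being enforced in auth settings; the JWT email claim is not re-verified here`.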