Fix SECURITY DEFINER on filtered_profiles view

supabase/migrations/20251012140517_fdd82c76-7ada-4be7-8f3e-13516939ae28.sql

@@ -0,0 +1,36 @@
+-- Drop and recreate filtered_profiles view without SECURITY DEFINER
+DROP VIEW IF EXISTS public.filtered_profiles;
+
+-- Recreate the view without SECURITY DEFINER
+-- This view should use the querying user's permissions, not the creator's
+CREATE VIEW public.filtered_profiles AS
+SELECT 
+  p.id,
+  p.user_id,
+  p.username,
+  p.display_name,
+  p.bio,
+  p.avatar_url,
+  p.avatar_image_id,
+  p.preferred_pronouns,
+  p.show_pronouns,
+  p.timezone,
+  p.preferred_language,
+  p.location_id,
+  p.personal_location,
+  p.home_park_id,
+  p.date_of_birth,
+  p.privacy_level,
+  p.theme_preference,
+  p.ride_count,
+  p.coaster_count,
+  p.park_count,
+  p.review_count,
+  p.reputation_score,
+  p.created_at,
+  p.updated_at,
+  p.banned
+FROM public.profiles p;
+
+-- Add comment explaining the view's purpose
+COMMENT ON VIEW public.filtered_profiles IS 'Provides access to profile data respecting RLS policies of the querying user';