From d82d5719ec3404dba7649ad90e9ee62611d470b4 Mon Sep 17 00:00:00 2001
From: "gpt-engineer-app[bot]"
 <159125892+gpt-engineer-app[bot]@users.noreply.github.com>
Date: Sat, 4 Oct 2025 01:34:42 +0000
Subject: [PATCH] Fix profile viewing policy

---
 ...4013432_ea896b92-806c-457e-8cf0-6862e11b4925.sql | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 supabase/migrations/20251004013432_ea896b92-806c-457e-8cf0-6862e11b4925.sql

diff --git a/supabase/migrations/20251004013432_ea896b92-806c-457e-8cf0-6862e11b4925.sql b/supabase/migrations/20251004013432_ea896b92-806c-457e-8cf0-6862e11b4925.sql
new file mode 100644
index 00000000..d97532a0
--- /dev/null
+++ b/supabase/migrations/20251004013432_ea896b92-806c-457e-8cf0-6862e11b4925.sql
@@ -0,0 +1,13 @@
+-- Drop the restrictive authenticated-only policy
+DROP POLICY IF EXISTS "Authenticated users can view profiles" ON public.profiles;
+
+-- Create a new policy that allows both anonymous and authenticated users to view public profiles
+CREATE POLICY "Public can view non-banned public profiles"
+ON public.profiles
+FOR SELECT
+TO anon, authenticated
+USING (
+  (auth.uid() = user_id) 
+  OR is_moderator(auth.uid()) 
+  OR ((privacy_level = 'public') AND (NOT banned))
+);
\ No newline at end of file