From fa8ba8969ad8bbbe9c33509ecfc37d43a1804f68 Mon Sep 17 00:00:00 2001
From: "gpt-engineer-app[bot]"
 <159125892+gpt-engineer-app[bot]@users.noreply.github.com>
Date: Wed, 29 Oct 2025 02:15:14 +0000
Subject: [PATCH] feat: Remove duplicate RLS policies

---
 ...504_d204025d-b78c-4816-a64b-ae4a0f9be7aa.sql | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 supabase/migrations/20251029021504_d204025d-b78c-4816-a64b-ae4a0f9be7aa.sql

diff --git a/supabase/migrations/20251029021504_d204025d-b78c-4816-a64b-ae4a0f9be7aa.sql b/supabase/migrations/20251029021504_d204025d-b78c-4816-a64b-ae4a0f9be7aa.sql
new file mode 100644
index 00000000..21237076
--- /dev/null
+++ b/supabase/migrations/20251029021504_d204025d-b78c-4816-a64b-ae4a0f9be7aa.sql
@@ -0,0 +1,17 @@
+-- Phase 7: Remove Genuinely Duplicate RLS Policies
+-- Target: 5 clear duplicates where ALL command makes specific actions redundant
+
+-- 1. park_location_history: ALL already includes SELECT
+DROP POLICY IF EXISTS "Moderators view location history" ON public.park_location_history;
+
+-- 2. ride_coaster_stats: Remove one of the duplicate ALL policies
+DROP POLICY IF EXISTS "Moderators manage coaster stats" ON public.ride_coaster_stats;
+
+-- 3. entity_timeline_events: Remove redundant deny UPDATE policy
+DROP POLICY IF EXISTS "Deny direct updates to timeline events" ON public.entity_timeline_events;
+
+-- 4. reports: Keep MFA-required version, drop non-MFA version
+DROP POLICY IF EXISTS "Moderators can update reports" ON public.reports;
+
+-- 5. request_metadata: ALL command includes INSERT
+DROP POLICY IF EXISTS "Service role can insert request metadata" ON public.request_metadata;
\ No newline at end of file