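import { useState, useEffect } from 'react';
import { supabase } from '@/integrations/supabase/client';
import { useAuth } from '@/hooks/useAuth';

/** Per-field visibility flags, keyed by profile field name. */
interface ProfileFieldAccess {
  [fieldName: string]: boolean;
}

/**
 * Visibility results together with the viewer/profile pair they were computed
 * for, so that results for one profile are never applied to another.
 */
interface FieldAccessSnapshot {
  viewerId: string;
  profileUserId: string;
  fields: ProfileFieldAccess;
}

// Fields that might need privacy checking.
const FIELDS_TO_CHECK = [
  'date_of_birth',
  'personal_location',
  'location_id',
  'preferred_pronouns',
  'home_park_id',
  'bio',
  'avatar_url',
  'avatar_image_id',
];

/**
 * Resolves which privacy-sensitive fields of a profile the signed-in user may see.
 *
 * Each field is checked through the `can_view_profile_field` RPC. Any error, and
 * any answer other than a literal `true`, is treated as "not visible".
 *
 * NOTE(review): this hook only decides what the UI renders. Whatever the API
 * returns to the browser is readable by the user regardless of these flags, so
 * the fields themselves must be withheld server-side (row/column policies or a
 * filtered view) — confirm against the database schema, which is not visible here.
 *
 * NOTE(review): `_viewer_id` is supplied by the client. The security definer
 * function should compare it with `auth.uid()` (or ignore it in favour of
 * `auth.uid()`); otherwise any caller can ask what an arbitrary viewer may
 * see — confirm in the SQL definition.
 *
 * @param profileUserId - Id of the profile being viewed; nullish while unknown.
 * @returns `canViewField(fieldName)` to query a field, `loading` while checks are
 *   in flight, and `refresh()` to re-run the checks.
 */
export function useProfileFieldAccess(profileUserId: string | null | undefined) {
  const { user } = useAuth();
  const viewerId = user?.id;

  const [snapshot, setSnapshot] = useState<FieldAccessSnapshot | null>(null);
  const [loading, setLoading] = useState(true);
  // Bumped by refresh() to re-run the effect below.
  const [refreshCount, setRefreshCount] = useState(0);

  useEffect(() => {
    if (!profileUserId || !viewerId) {
      setLoading(false);
      return;
    }

    // Narrowed copies for use inside the async closure.
    const viewer = viewerId;
    const profile = profileUserId;

    // Set by the cleanup when the viewer/profile changes or the component
    // unmounts, so a slow response for a previous profile cannot overwrite the
    // state belonging to the current one.
    let cancelled = false;

    const checkFieldAccess = async (): Promise<void> => {
      setLoading(true);
      try {
        // The checks are independent, so issue them together rather than one
        // round-trip after another.
        const results = await Promise.all(
          FIELDS_TO_CHECK.map(async (field): Promise<[string, boolean]> => {
            const { data, error } = await supabase.rpc('can_view_profile_field', {
              _viewer_id: viewer,
              _profile_user_id: profile,
              _field_name: field,
            });

            if (error) {
              console.error(`Error checking access for field ${field}:`, error);
              return [field, false];
            }
            // Only a literal `true` grants access.
            return [field, data === true];
          })
        );

        if (cancelled) {
          return;
        }

        const fields: ProfileFieldAccess = {};
        for (const [field, allowed] of results) {
          fields[field] = allowed;
        }
        setSnapshot({ viewerId: viewer, profileUserId: profile, fields });
      } catch (error) {
        console.error('Error checking field access:', error);
        // Default to denying access on error.
        if (!cancelled) {
          setSnapshot(null);
        }
      } finally {
        if (!cancelled) {
          setLoading(false);
        }
      }
    };

    void checkFieldAccess();

    return () => {
      cancelled = true;
    };
  }, [profileUserId, viewerId, refreshCount]);

  const canViewField = (fieldName: string): boolean => {
    if (!profileUserId || !viewerId) {
      return false;
    }

    // Users can always see their own fields.
    if (viewerId === profileUserId) {
      return true;
    }

    // Deny until results for exactly this viewer/profile pair have arrived;
    // results left over from a previously viewed profile must not be reused.
    if (
      !snapshot ||
      snapshot.viewerId !== viewerId ||
      snapshot.profileUserId !== profileUserId
    ) {
      return false;
    }

    // Strict comparison: inherited object members such as `constructor` are
    // truthy on a plain object and must not read as "allowed".
    return snapshot.fields[fieldName] === true;
  };

  const refresh = (): void => {
    setRefreshCount((count) => count + 1);
  };

  return {
    canViewField,
    loading,
    refresh,
  };
}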