-- Fix RLS policy that's causing "permission denied for table users" error
-- The issue is the policy tries to SELECT from auth.users which isn't allowed

-- Drop the problematic policy
DROP POLICY IF EXISTS "Users can view own contact submissions" ON public.contact_submissions;

-- Recreate it using auth.jwt() to get email instead of querying auth.users
CREATE POLICY "Users can view own contact submissions"
ON public.contact_submissions
FOR SELECT
TO public
USING (
  user_id = auth.uid() 
  OR 
  (auth.uid() IS NOT NULL AND email = (auth.jwt() ->> 'email'))
);