-- Drop existing restrictive policies
DROP POLICY IF EXISTS "Admins can view all email threads" ON contact_email_threads;
DROP POLICY IF EXISTS "Admins can insert email threads" ON contact_email_threads;

-- Create new inclusive SELECT policy for all admin staff roles
CREATE POLICY "Admin staff can view all email threads" ON contact_email_threads
  FOR SELECT
  TO authenticated
  USING (
    has_role(auth.uid(), 'superuser'::app_role) OR
    has_role(auth.uid(), 'admin'::app_role) OR
    has_role(auth.uid(), 'moderator'::app_role)
  );

-- Create new inclusive INSERT policy for all admin staff roles
CREATE POLICY "Admin staff can insert email threads" ON contact_email_threads
  FOR INSERT
  TO authenticated
  WITH CHECK (
    has_role(auth.uid(), 'superuser'::app_role) OR
    has_role(auth.uid(), 'admin'::app_role) OR
    has_role(auth.uid(), 'moderator'::app_role)
  );