-- Drop existing policy that allows moderators
DROP POLICY IF EXISTS "Admins can do everything" ON public.blog_posts;

-- Create new policy for admins and superusers only
CREATE POLICY "Admins and superusers can manage blog posts"
  ON public.blog_posts FOR ALL
  USING (
    has_role(auth.uid(), 'admin'::app_role) OR 
    has_role(auth.uid(), 'superuser'::app_role)
  );