-- Drop and recreate filtered_profiles view without SECURITY DEFINER
DROP VIEW IF EXISTS public.filtered_profiles;

-- Recreate the view without SECURITY DEFINER
-- This view should use the querying user's permissions, not the creator's
CREATE VIEW public.filtered_profiles AS
SELECT 
  p.id,
  p.user_id,
  p.username,
  p.display_name,
  p.bio,
  p.avatar_url,
  p.avatar_image_id,
  p.preferred_pronouns,
  p.show_pronouns,
  p.timezone,
  p.preferred_language,
  p.location_id,
  p.personal_location,
  p.home_park_id,
  p.date_of_birth,
  p.privacy_level,
  p.theme_preference,
  p.ride_count,
  p.coaster_count,
  p.park_count,
  p.review_count,
  p.reputation_score,
  p.created_at,
  p.updated_at,
  p.banned
FROM public.profiles p;

-- Add comment explaining the view's purpose
COMMENT ON VIEW public.filtered_profiles IS 'Provides access to profile data respecting RLS policies of the querying user';