-- Restrict direct photo modifications - require moderation queue
-- Drop existing policies that allow direct modification
DROP POLICY IF EXISTS "Moderators can update photos" ON public.photos;
DROP POLICY IF EXISTS "Moderators can delete photos" ON public.photos;

-- Keep read policies
-- Public read access to photos already exists

-- Only service role (edge functions) can modify photos after approval
CREATE POLICY "Service role can insert photos"
  ON public.photos FOR INSERT
  TO service_role
  WITH CHECK (true);

CREATE POLICY "Service role can update photos"
  ON public.photos FOR UPDATE
  TO service_role
  USING (true);

CREATE POLICY "Service role can delete photos"
  ON public.photos FOR DELETE
  TO service_role
  USING (true);