-- Enable RLS on game_challenges so Supabase Realtime can use auth.uid() for row filtering
-- Without RLS, Realtime falls back to an empty role which causes "role "" does not exist" errors

ALTER TABLE rebreak.game_challenges ENABLE ROW LEVEL SECURITY;

-- Both players can read the game they are part of
CREATE POLICY "players can read their game" ON rebreak.game_challenges
  FOR SELECT USING (
    auth.uid() = challenger_id OR auth.uid() = opponent_id
  );

-- Only the challenger can create the game row
CREATE POLICY "challenger can create game" ON rebreak.game_challenges
  FOR INSERT WITH CHECK (auth.uid() = challenger_id);

-- Both players can update the game (make moves, accept/cancel)
CREATE POLICY "players can update their game" ON rebreak.game_challenges
  FOR UPDATE USING (
    auth.uid() = challenger_id OR auth.uid() = opponent_id
  );