-- Grant permissions for punimtag_auth database
-- Run this as PostgreSQL superuser: sudo -u postgres psql -f grant-auth-permissions.sql
-- 
-- BEFORE RUNNING: Edit this file and replace 'your_user' with your actual database username
-- (e.g., 'viewer_readonly', 'viewer_write', or 'postgres')

-- Step 1: Grant connect permission to the auth database
-- Replace 'your_user' below with your actual username
GRANT CONNECT ON DATABASE punimtag_auth TO your_user;

-- Step 2: Connect to the auth database
\c punimtag_auth

-- Step 3: Grant usage on schema
GRANT USAGE ON SCHEMA public TO your_user;

-- Step 4: Grant permissions on tables
GRANT SELECT, INSERT, UPDATE ON TABLE users TO your_user;
GRANT SELECT, INSERT, UPDATE ON TABLE pending_identifications TO your_user;
GRANT SELECT, INSERT, UPDATE ON TABLE pending_photos TO your_user;
GRANT SELECT, INSERT, UPDATE, DELETE ON TABLE inappropriate_photo_reports TO your_user;

-- Step 5: Grant usage on sequences (needed for auto-increment IDs)
GRANT USAGE, SELECT ON SEQUENCE users_id_seq TO your_user;
GRANT USAGE, SELECT ON SEQUENCE pending_identifications_id_seq TO your_user;
GRANT USAGE, SELECT ON SEQUENCE pending_photos_id_seq TO your_user;
GRANT USAGE, SELECT ON SEQUENCE inappropriate_photo_reports_id_seq TO your_user;

-- Step 6: Grant on future tables
ALTER DEFAULT PRIVILEGES IN SCHEMA public 
GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO your_user;

ALTER DEFAULT PRIVILEGES IN SCHEMA public 
GRANT USAGE, SELECT ON SEQUENCES TO your_user;

\echo '✅ Permissions granted!'
\echo ''
\echo 'Update your .env file with:'
\echo 'DATABASE_URL_AUTH="postgresql://your_user:your_password@localhost:5432/punimtag_auth"'