-- Row Level Security policies
-- The application sets: SET LOCAL app.current_user_id = '<uuid>' at the start of each request

-- Helper function to get current user id safely
CREATE OR REPLACE FUNCTION current_app_user_id() RETURNS UUID AS $$
BEGIN
    RETURN current_setting('app.current_user_id', true)::UUID;
EXCEPTION WHEN OTHERS THEN
    RETURN NULL;
END;
$$ LANGUAGE plpgsql STABLE SECURITY DEFINER;

-- Policies are applied after table creation via Alembic migration
-- This file sets up the helper only; RLS is enabled in the migration