Add Project Files section and show company name for external users on project detail

supabase/migrations/20260513170000_add_brand_book_rate_to_profiles.sql

@@ -0,0 +1,2 @@
+alter table public.profiles
+  add column if not exists brand_book_rate numeric(10,2) not null default 60;

supabase/migrations/20260513180000_add_subcontractor_invoices.sql

@@ -0,0 +1,72 @@
+-- Sub-created invoices submitted to team for payment
+create table public.subcontractor_invoices (
+  id uuid default gen_random_uuid() primary key,
+  profile_id uuid references public.profiles(id) on delete cascade not null,
+  invoice_number text not null,
+  status text not null default 'draft' check (status in ('draft', 'submitted', 'paid')),
+  notes text not null default '',
+  submitted_at timestamptz,
+  paid_at timestamptz,
+  created_at timestamptz default now() not null,
+  updated_at timestamptz default now() not null
+);
+
+create table public.subcontractor_invoice_items (
+  id uuid default gen_random_uuid() primary key,
+  invoice_id uuid references public.subcontractor_invoices(id) on delete cascade not null,
+  task_id uuid references public.tasks(id) on delete set null,
+  description text not null,
+  quantity numeric(10,2) not null default 1,
+  unit_price numeric(10,2) not null default 0,
+  sort_order integer not null default 0,
+  created_at timestamptz default now() not null
+);
+
+alter table public.subcontractor_invoices enable row level security;
+alter table public.subcontractor_invoice_items enable row level security;
+
+-- Team: full access
+create policy "Team all subcontractor_invoices" on public.subcontractor_invoices
+  for all using (get_my_role() = 'team') with check (get_my_role() = 'team');
+
+-- Subs: read own
+create policy "Sub select own invoices" on public.subcontractor_invoices
+  for select using (profile_id = auth.uid() and get_my_role() = 'external');
+
+-- Subs: create own
+create policy "Sub insert own invoices" on public.subcontractor_invoices
+  for insert with check (profile_id = auth.uid() and get_my_role() = 'external');
+
+-- Subs: update own non-paid (submit draft, etc.)
+create policy "Sub update own non-paid invoices" on public.subcontractor_invoices
+  for update using (profile_id = auth.uid() and get_my_role() = 'external' and status != 'paid');
+
+-- Subs: delete own drafts only
+create policy "Sub delete own draft invoices" on public.subcontractor_invoices
+  for delete using (profile_id = auth.uid() and get_my_role() = 'external' and status = 'draft');
+
+-- Team: full access to items
+create policy "Team all sub invoice items" on public.subcontractor_invoice_items
+  for all using (get_my_role() = 'team') with check (get_my_role() = 'team');
+
+-- Subs: read items on own invoices
+create policy "Sub read own invoice items" on public.subcontractor_invoice_items
+  for select using (
+    invoice_id in (select id from public.subcontractor_invoices where profile_id = auth.uid())
+  );
+
+-- Subs: manage items on own draft invoices only
+create policy "Sub insert draft invoice items" on public.subcontractor_invoice_items
+  for insert with check (
+    invoice_id in (select id from public.subcontractor_invoices where profile_id = auth.uid() and status = 'draft')
+  );
+
+create policy "Sub update draft invoice items" on public.subcontractor_invoice_items
+  for update using (
+    invoice_id in (select id from public.subcontractor_invoices where profile_id = auth.uid() and status = 'draft')
+  );
+
+create policy "Sub delete draft invoice items" on public.subcontractor_invoice_items
+  for delete using (
+    invoice_id in (select id from public.subcontractor_invoices where profile_id = auth.uid() and status = 'draft')
+  );

supabase/migrations/20260513190000_add_sub_invoice_number_fn.sql

@@ -0,0 +1,9 @@
+create or replace function public.get_next_sub_invoice_number()
+returns text
+language sql
+security definer
+set search_path = public
+as $$
+  select 'INVSUB-' || extract(year from now())::text || '-' || lpad((count(*) + 1)::text, 3, '0')
+  from public.subcontractor_invoices;
+$$;

supabase/migrations/20260513200000_external_delivery_access.sql

@@ -0,0 +1,13 @@
+-- Allow external users to insert/update deliveries (upsert) and insert delivery_files
+create policy "External inserts deliveries" on public.deliveries
+  for insert with check (get_my_role() = 'external');
+
+create policy "External updates deliveries" on public.deliveries
+  for update using (get_my_role() = 'external');
+
+create policy "External inserts delivery_files" on public.delivery_files
+  for insert with check (get_my_role() = 'external');
+
+-- Allow external users to upload to deliveries storage bucket
+create policy "External inserts deliveries storage" on storage.objects
+  for insert to authenticated with check (bucket_id = 'deliveries' and get_my_role() = 'external');

supabase/migrations/20260513210000_fix_sub_invoice_items_insert.sql

@@ -0,0 +1,8 @@
+-- Fix: items insert was blocked when invoice status = 'submitted' at creation time.
+-- Allow insert on own invoices regardless of status (ownership check is sufficient).
+drop policy if exists "Sub insert draft invoice items" on public.subcontractor_invoice_items;
+
+create policy "Sub insert own invoice items" on public.subcontractor_invoice_items
+  for insert with check (
+    invoice_id in (select id from public.subcontractor_invoices where profile_id = auth.uid())
+  );

supabase/migrations/20260513220000_sub_delete_submitted_invoices.sql

@@ -0,0 +1,5 @@
+-- Allow subs to delete their own draft or submitted invoices (not paid)
+drop policy if exists "Sub delete own draft invoices" on public.subcontractor_invoices;
+
+create policy "Sub delete own unpaid invoices" on public.subcontractor_invoices
+  for delete using (profile_id = auth.uid() and get_my_role() = 'external' and status != 'paid');