alter table public.expenses
  add column if not exists receipt_path text,
  add column if not exists receipt_name text;

insert into storage.buckets (id, name, public)
values ('expense-receipts', 'expense-receipts', false)
on conflict (id) do nothing;

drop policy if exists "Team reads expense receipts storage" on storage.objects;
drop policy if exists "Team inserts expense receipts storage" on storage.objects;
drop policy if exists "Team updates expense receipts storage" on storage.objects;
drop policy if exists "Team deletes expense receipts storage" on storage.objects;

create policy "Team reads expense receipts storage" on storage.objects
  for select to authenticated using (bucket_id = 'expense-receipts' and get_my_role() = 'team');
create policy "Team inserts expense receipts storage" on storage.objects
  for insert to authenticated with check (bucket_id = 'expense-receipts' and get_my_role() = 'team');
create policy "Team updates expense receipts storage" on storage.objects
  for update to authenticated using (bucket_id = 'expense-receipts' and get_my_role() = 'team')
  with check (bucket_id = 'expense-receipts' and get_my_role() = 'team');
create policy "Team deletes expense receipts storage" on storage.objects
  for delete to authenticated using (bucket_id = 'expense-receipts' and get_my_role() = 'team');