fourge-portal/supabase/migrations/20260513120000_client_task_delete_policy.sql

-- Allow clients to delete tasks in their own company's projects.
-- Previously only team members could delete tasks (no client delete policy existed),
-- so client-side "Delete Request" silently failed with 0 rows deleted.

drop policy if exists "Client deletes company tasks" on public.tasks;
create policy "Client deletes company tasks" on public.tasks
  for delete using (
    get_my_role() = 'client'
    and project_id in (
      select id from public.projects where has_company_access(company_id)
    )
  );

-- Also allow clients to delete projects (needed when the last task in a project is deleted).
drop policy if exists "Client deletes company projects" on public.projects;
create policy "Client deletes company projects" on public.projects
  for delete using (
    get_my_role() = 'client'
    and has_company_access(company_id)
  );