From 5b84170a281db3a18ae0da725b08e1fa4906731b Mon Sep 17 00:00:00 2001
From: Gustavo Henrique Santos Souza de Miranda <gustavohssmiranda@gmail.com>
Date: Sat, 24 Jan 2026 02:38:05 -0300
Subject: [PATCH] fix: allow profile lookup for sharing by adding RLS policy

The profiles table RLS policies only allowed users to view their own
profile, causing the share feature to fail when searching for users
by email. Added a policy allowing any authenticated user to read profiles.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 ...20260124100000_allow_profile_lookup_for_sharing.sql | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 supabase/migrations/20260124100000_allow_profile_lookup_for_sharing.sql

diff --git a/supabase/migrations/20260124100000_allow_profile_lookup_for_sharing.sql b/supabase/migrations/20260124100000_allow_profile_lookup_for_sharing.sql
new file mode 100644
index 0000000..ca85885
--- /dev/null
+++ b/supabase/migrations/20260124100000_allow_profile_lookup_for_sharing.sql
@@ -0,0 +1,10 @@
+-- Migration: Allow authenticated users to look up profiles for sharing
+-- Problem: The profiles RLS policies only allow users to see their own profile
+-- (or admins to see all). This prevents the sharing feature from finding
+-- users by email since the query is blocked by RLS.
+-- Solution: Add a SELECT policy allowing any authenticated user to view profiles.
+
+CREATE POLICY "Authenticated users can view profiles"
+  ON profiles
+  FOR SELECT
+  USING (auth.uid() IS NOT NULL);