New features user management Google Calendar integration

supabase/migrations/004_org_google_calendar.sql

@@ -0,0 +1,37 @@
+-- Organization-level Google Calendar (shared across all members)
+
+CREATE TABLE IF NOT EXISTS org_google_calendars (
+  id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+  org_id UUID REFERENCES organizations(id) ON DELETE CASCADE UNIQUE,
+  calendar_id TEXT NOT NULL, -- Google Calendar ID (e.g., "abc123@group.calendar.google.com")
+  calendar_name TEXT,
+  connected_by UUID REFERENCES auth.users(id),
+  access_token TEXT NOT NULL,
+  refresh_token TEXT NOT NULL,
+  token_expires_at TIMESTAMPTZ NOT NULL,
+  created_at TIMESTAMPTZ DEFAULT now(),
+  updated_at TIMESTAMPTZ DEFAULT now()
+);
+
+-- Index
+CREATE INDEX IF NOT EXISTS idx_org_google_calendars_org ON org_google_calendars(org_id);
+
+-- RLS
+ALTER TABLE org_google_calendars ENABLE ROW LEVEL SECURITY;
+
+-- All org members can view the org calendar connection
+CREATE POLICY "Org members can view org calendar" ON org_google_calendars 
+  FOR SELECT USING (EXISTS (
+    SELECT 1 FROM org_members om 
+    WHERE om.org_id = org_google_calendars.org_id 
+    AND om.user_id = auth.uid()
+  ));
+
+-- Only admins/owners can manage org calendar
+CREATE POLICY "Admins can manage org calendar" ON org_google_calendars 
+  FOR ALL USING (EXISTS (
+    SELECT 1 FROM org_members om 
+    WHERE om.org_id = org_google_calendars.org_id 
+    AND om.user_id = auth.uid() 
+    AND om.role IN ('owner', 'admin')
+  ));