-- boards create table if not exists boards ( id bigint primary key, user_id uuid references auth.users not null, name text not null default 'ボード', parent_id bigint references boards(id) on delete set null, color_idx int default 0, created_at timestamptz default now() ); alter table boards enable row level security; create policy "users own boards" on boards for all using (auth.uid() = user_id) with check (auth.uid() = user_id); -- images create table if not exists images ( id bigint primary key, board_id bigint references boards(id) on delete cascade not null, user_id uuid references auth.users not null, storage_path text not null, x float default 0, y float default 0, visible boolean default true, created_at timestamptz default now() ); alter table images enable row level security; create policy "users own images" on images for all using (auth.uid() = user_id) with check (auth.uid() = user_id); -- pins create table if not exists pins ( id bigint primary key, board_id bigint references boards(id) on delete cascade not null, image_id bigint references images(id) on delete cascade not null, user_id uuid references auth.users not null, pin_x float, pin_y float, card_x float, card_y float, comment text, likes int default 0, featured boolean default false, time text, color text, rotate float, card_hidden boolean default false, attachment_path text, created_at timestamptz default now() ); alter table pins enable row level security; create policy "users own pins" on pins for all using (auth.uid() = user_id) with check (auth.uid() = user_id); -- replies create table if not exists replies ( id bigint primary key, pin_id bigint references pins(id) on delete cascade not null, user_id uuid references auth.users not null, comment text, time text, created_at timestamptz default now() ); alter table replies enable row level security; create policy "users own replies" on replies for all using (auth.uid() = user_id) with check (auth.uid() = user_id);

-- Storageダッシュボード → New bucket → 名前: wave-images → Public ON -- または SQL Editor で: insert into storage.buckets (id, name, public) values ('wave-images', 'wave-images', true) on conflict do nothing; create policy "users upload" on storage.objects for insert with check (bucket_id = 'wave-images' and auth.uid()::text = (storage.foldername(name))[1]); create policy "public read" on storage.objects for select using (bucket_id = 'wave-images'); create policy "users delete" on storage.objects for delete using (bucket_id = 'wave-images' and auth.uid()::text = (storage.foldername(name))[1]);