/*
 * -------------------------------------------------------
 * Hotel/Booking Management Schema
 * Phase 6: rooms, amenities, bookings, guests
 * -------------------------------------------------------
 */

create table if not exists public.rooms (
  id uuid primary key default gen_random_uuid(),
  account_id uuid not null references public.accounts(id) on delete cascade,
  room_number text not null,
  name text,
  room_type text not null default 'standard',
  capacity integer not null default 2,
  floor integer,
  price_per_night numeric(10,2) not null default 0,
  description text,
  is_active boolean not null default true,
  amenities jsonb not null default '[]'::jsonb,
  created_at timestamptz not null default now(),
  unique(account_id, room_number)
);
create index ix_rooms_account on public.rooms(account_id);
alter table public.rooms enable row level security;
revoke all on public.rooms from authenticated, service_role;
grant select, insert, update, delete on public.rooms to authenticated;
grant all on public.rooms to service_role;
create policy rooms_select on public.rooms for select to authenticated using (public.has_role_on_account(account_id));
create policy rooms_mutate on public.rooms for all to authenticated using (public.has_permission(auth.uid(), account_id, 'bookings.write'::public.app_permissions));

create table if not exists public.guests (
  id uuid primary key default gen_random_uuid(),
  account_id uuid not null references public.accounts(id) on delete cascade,
  first_name text not null,
  last_name text not null,
  email text,
  phone text,
  street text,
  postal_code text,
  city text,
  country text default 'DE',
  date_of_birth date,
  id_number text,
  notes text,
  created_at timestamptz not null default now()
);
create index ix_guests_account on public.guests(account_id);
create index ix_guests_name on public.guests(account_id, last_name, first_name);
alter table public.guests enable row level security;
revoke all on public.guests from authenticated, service_role;
grant select, insert, update, delete on public.guests to authenticated;
grant all on public.guests to service_role;
create policy guests_select on public.guests for select to authenticated using (public.has_role_on_account(account_id));
create policy guests_mutate on public.guests for all to authenticated using (public.has_permission(auth.uid(), account_id, 'bookings.write'::public.app_permissions));

create table if not exists public.bookings (
  id uuid primary key default gen_random_uuid(),
  account_id uuid not null references public.accounts(id) on delete cascade,
  room_id uuid not null references public.rooms(id) on delete cascade,
  guest_id uuid references public.guests(id) on delete set null,
  check_in date not null,
  check_out date not null,
  adults integer not null default 1,
  children integer not null default 0,
  status text not null default 'confirmed' check (status in ('pending', 'confirmed', 'checked_in', 'checked_out', 'cancelled', 'no_show')),
  total_price numeric(10,2) not null default 0,
  notes text,
  extras jsonb not null default '[]'::jsonb,
  created_at timestamptz not null default now(),
  updated_at timestamptz not null default now(),
  check (check_out > check_in)
);
create index ix_bookings_account on public.bookings(account_id);
create index ix_bookings_room on public.bookings(room_id);
create index ix_bookings_dates on public.bookings(room_id, check_in, check_out);
create index ix_bookings_guest on public.bookings(guest_id);
alter table public.bookings enable row level security;
revoke all on public.bookings from authenticated, service_role;
grant select, insert, update, delete on public.bookings to authenticated;
grant all on public.bookings to service_role;
create policy bookings_select on public.bookings for select to authenticated using (public.has_role_on_account(account_id));
create policy bookings_insert on public.bookings for insert to authenticated with check (public.has_permission(auth.uid(), account_id, 'bookings.write'::public.app_permissions));
create policy bookings_update on public.bookings for update to authenticated using (public.has_permission(auth.uid(), account_id, 'bookings.write'::public.app_permissions));
create policy bookings_delete on public.bookings for delete to authenticated using (public.has_permission(auth.uid(), account_id, 'bookings.write'::public.app_permissions));
create trigger trg_bookings_updated_at before update on public.bookings for each row execute function public.update_account_settings_timestamp();