-- Allow authenticated users to SELECT from task_activity_logs
DO $$
BEGIN
  IF EXISTS (SELECT 1 FROM information_schema.tables WHERE table_name='task_activity_logs') THEN
    -- enable RLS (idempotent)
    EXECUTE 'ALTER TABLE IF EXISTS public.task_activity_logs ENABLE ROW LEVEL SECURITY';

    -- create SELECT policy for authenticated if not exists
    IF NOT EXISTS (
      SELECT 1 FROM pg_policies WHERE tablename = 'task_activity_logs' AND policyname = 'allow_authenticated_select'
    ) THEN
      EXECUTE 'CREATE POLICY allow_authenticated_select ON public.task_activity_logs FOR SELECT TO authenticated USING (true)';
    END IF;
  END IF;
END
$$;