-- 1. Create the storage bucket
insert into storage.buckets (id, name, public)
values ('hall-logos', 'hall-logos', true);

-- 2. Enable RLS (although buckets are publicly accessible via the 'public' flag, policies are good practice)
create policy "Public Access"
  on storage.objects for select
  using ( bucket_id = 'hall-logos' );

create policy "Authenticated Uploads"
  on storage.objects for insert
  with check ( bucket_id = 'hall-logos' and auth.role() = 'authenticated' );

create policy "Authenticated Updates"
  on storage.objects for update
  with check ( bucket_id = 'hall-logos' and auth.role() = 'authenticated' );

create policy "Authenticated Deletes"
  on storage.objects for delete
  using ( bucket_id = 'hall-logos' and auth.role() = 'authenticated' );