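-- Migration 002: Create profile tables
-- Profiles are the base for authentication/authorization
--   TeamProfile:     role-based access (Admin > TeamLeader > TeamMember)
--   CustomerProfile: data-scoped access via customer_profile_access M2M
--                    (that table is not created in this file)
--
-- Layout note: every statement sits on its own line. With the whole file on
-- one physical line, the leading "--" would turn all of the DDL below into a
-- single comment and nothing would be created.
--
-- Depends on the types team_role and entity_status, which are not defined in
-- this file and must already exist when the migration runs.

-- Team member profiles (internal users)
-- Note: id IS the Kratos identity UUID - no separate ory_kratos_id column.
-- This allows Oathkeeper's X-User-ID header to be used directly for profile lookup.
-- NOTE(review): that lookup is only as trustworthy as the header. Confirm that
-- the service is reachable solely through Oathkeeper and that any
-- client-supplied X-User-ID is dropped or overwritten before it gets here.
CREATE TABLE team_profiles (
    id          UUID PRIMARY KEY,  -- = Kratos identity.id (not auto-generated; caller must supply it)
    created_at  TIMESTAMPTZ NOT NULL DEFAULT NOW(),
    -- NOTE(review): DEFAULT NOW() only applies on INSERT; nothing in this file
    -- refreshes updated_at on UPDATE - confirm a trigger or the application does.
    updated_at  TIMESTAMPTZ NOT NULL DEFAULT NOW(),

    -- Contact info
    first_name  VARCHAR(100) NOT NULL,
    last_name   VARCHAR(100) NOT NULL,
    phone       VARCHAR(20),
    -- Nullable and not UNIQUE here, so it cannot serve as a lookup key or an
    -- identity claim. NOTE(review): presumably the login identifier lives in
    -- Kratos - confirm before using this column in any authorization decision.
    email       VARCHAR(254),

    -- Authorization
    -- The default is the lowest role in the hierarchy above, so a row inserted
    -- without an explicit role does not receive elevated access.
    role        team_role NOT NULL DEFAULT 'TEAM_MEMBER',
    -- NOTE(review): new rows default to ACTIVE; verify that access checks
    -- consult status and that this default matches the onboarding flow.
    status      entity_status NOT NULL DEFAULT 'ACTIVE',
    notes       TEXT
);

-- Customer profiles (external users)
-- Note: id IS the Kratos identity UUID - no separate ory_kratos_id column.
-- There is no role column: per the header, customer access is data-scoped
-- through customer_profile_access rather than role-based.
CREATE TABLE customer_profiles (
    id          UUID PRIMARY KEY,  -- = Kratos identity.id (not auto-generated; caller must supply it)
    created_at  TIMESTAMPTZ NOT NULL DEFAULT NOW(),
    -- NOTE(review): set on INSERT only; see the same remark on team_profiles.
    updated_at  TIMESTAMPTZ NOT NULL DEFAULT NOW(),

    -- Contact info
    first_name  VARCHAR(100) NOT NULL,
    last_name   VARCHAR(100) NOT NULL,
    phone       VARCHAR(20),
    email       VARCHAR(254),      -- nullable, not UNIQUE: contact data, not an identifier

    status      entity_status NOT NULL DEFAULT 'ACTIVE',
    notes       TEXT
);

-- Indexes for common queries (filtering profiles by status or by role)
CREATE INDEX idx_team_profiles_status ON team_profiles(status);
CREATE INDEX idx_team_profiles_role ON team_profiles(role);
CREATE INDEX idx_customer_profiles_status ON customer_profiles(status);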