-- ============================================================================
-- Inou Database Schema (inou.db)
-- ============================================================================
-- Medical data. Tables are NOT auto-created.
-- Use this file manually if you ever need to recreate tables.
--
-- OAuth tables are in separate auth.db (see schema-auth.sql)
-- ============================================================================

-- RBAC Access Grants
-- Stores who (grantee) can access whose (dossier) data with what permissions (ops)
CREATE TABLE IF NOT EXISTS access (
    access_id TEXT PRIMARY KEY,
    dossier_id TEXT,          -- whose data (encrypted)
    grantee_id TEXT,          -- who gets access (encrypted)
    entry_id TEXT,            -- specific entry, or empty for dossier-wide
    role TEXT NOT NULL,       -- role name (Family, Doctor, etc.)
    ops TEXT NOT NULL,        -- operations: r=read, w=write, d=delete, m=manage
    created_at INTEGER NOT NULL
);

CREATE INDEX IF NOT EXISTS idx_access_grantee ON access(grantee_id);
CREATE INDEX IF NOT EXISTS idx_access_dossier ON access(dossier_id);
CREATE INDEX IF NOT EXISTS idx_access_entry ON access(entry_id);