REVOKE EXECUTE ON FUNCTION public.handle_new_user() FROM PUBLIC, anon, authenticated;
REVOKE EXECUTE ON FUNCTION public.update_updated_at_column() FROM PUBLIC, anon, authenticated;

-- Replace broad SELECT on public buckets so listing requires admin; direct URL fetch still works via bucket public flag
DROP POLICY IF EXISTS "Public read manga covers" ON storage.objects;
DROP POLICY IF EXISTS "Public read manga pages" ON storage.objects;
DROP POLICY IF EXISTS "Public read qr" ON storage.objects;
CREATE POLICY "Admins list manga covers" ON storage.objects FOR SELECT USING (bucket_id='manga-covers' AND public.has_role(auth.uid(),'admin'));
CREATE POLICY "Admins list manga pages" ON storage.objects FOR SELECT USING (bucket_id='manga-pages' AND public.has_role(auth.uid(),'admin'));
CREATE POLICY "Admins list qr" ON storage.objects FOR SELECT USING (bucket_id='payment-qr' AND public.has_role(auth.uid(),'admin'));