Refactor admin settings access

src/hooks/useAdminSettings.ts

@@ -1,6 +1,7 @@
 import { useQuery, useMutation, useQueryClient } from '@tanstack/react-query';
 import { supabase } from '@/integrations/supabase/client';
 import { useAuth } from './useAuth';
+import { useUserRole } from './useUserRole';
 import { useToast } from './use-toast';
 
 interface AdminSetting {
@@ -13,6 +14,7 @@ interface AdminSetting {
 
 export function useAdminSettings() {
   const { user } = useAuth();
+  const { isSuperuser } = useUserRole();
   const { toast } = useToast();
   const queryClient = useQueryClient();
 
@@ -31,7 +33,7 @@ export function useAdminSettings() {
       if (error) throw error;
       return data as AdminSetting[];
     },
-    enabled: !!user
+    enabled: !!user && isSuperuser()
   });
 
   const updateSettingMutation = useMutation({

src/pages/AdminSettings.tsx

@@ -15,7 +15,7 @@ import { Loader2, Save, Clock, Users, Bell, Shield, Settings, Trash2 } from 'luc
 
 export default function AdminSettings() {
   const { user } = useAuth();
-  const { isAdmin, isModerator, loading: roleLoading } = useUserRole();
+  const { isSuperuser, loading: roleLoading } = useUserRole();
   const { 
     settings, 
     isLoading, 
@@ -36,7 +36,7 @@ export default function AdminSettings() {
     );
   }
 
-  if (!user || (!isAdmin() && !isModerator())) {
+  if (!user || !isSuperuser()) {
     return (
       <>
         <AdminHeader />

supabase/migrations/20250928192634_b69bba70-eaf7-41e8-b949-22cd17ff74f1.sql

@@ -0,0 +1,7 @@
+-- Update admin_settings RLS policy to only allow superusers
+DROP POLICY IF EXISTS "Admins can manage settings" ON public.admin_settings;
+
+CREATE POLICY "Superusers can manage settings" 
+ON public.admin_settings 
+FOR ALL 
+USING (is_superuser(auth.uid()));