From 14d7801b6f20b6c4eb42e54bee81ba5b5f42894a Mon Sep 17 00:00:00 2001
From: "gpt-engineer-app[bot]" <159125892+gpt-engineer-app[bot]@users.noreply.github.com>
Date: Fri, 10 Oct 2025 23:03:05 +0000
Subject: [PATCH] Refactor admin blog access
---
 src/components/layout/AdminSidebar.tsx | 5 ++--
 src/pages/AdminBlog.tsx | 27 ++++++++++++++-----
 ...4_addcca80-9fb4-4f5a-b581-34463dec5c47.sql | 10 +++++++
 3 files changed, 34 insertions(+), 8 deletions(-)
 create mode 100644 supabase/migrations/20251010230214_addcca80-9fb4-4f5a-b581-34463dec5c47.sql
diff --git a/src/components/layout/AdminSidebar.tsx b/src/components/layout/AdminSidebar.tsx
index 3cd88bc1..de8fec7d 100644
--- a/src/components/layout/AdminSidebar.tsx
+++ b/src/components/layout/AdminSidebar.tsx
@@ -19,6 +19,7 @@ export function AdminSidebar() {
 const { state } = useSidebar();
 const { permissions } = useUserRole();
 const isSuperuser = permissions?.role_level === 'superuser';
+ const isAdmin = permissions?.role_level === 'admin' || isSuperuser;
 const collapsed = state === 'collapsed';
 const navItems = [
@@ -47,11 +48,11 @@ export function AdminSidebar() {
 url: '/admin/users',
 icon: Users,
 },
- {
+ ...(isAdmin ? [{
 title: 'Blog',
 url: '/admin/blog',
 icon: BookOpen,
- },
+ }] : []),
 ...(isSuperuser ? [{
 title: 'Settings',
 url: '/admin/settings',
diff --git a/src/pages/AdminBlog.tsx b/src/pages/AdminBlog.tsx
index dedccc2a..28f9777f 100644
--- a/src/pages/AdminBlog.tsx
+++ b/src/pages/AdminBlog.tsx
@@ -35,7 +35,7 @@ interface BlogPost {
 export default function AdminBlog() {
 const { user } = useAuth();
- const { isModerator } = useUserRole();
+ const { isAdmin, loading } = useUserRole();
 const navigate = useNavigate();
 const queryClient = useQueryClient();
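Review bot: The `isAdmin` introduced at the top of the AdminSidebar hunk re-derives the privilege from `permissions?.role_level` (`'admin'` or superuser), while the AdminBlog page in the same commit gates on `useUserRole().isAdmin()`; two independent definitions of the same check can drift, so a user could see the Blog link and then be bounced by the page, or the reverse. If the hook's `isAdmin()` already covers superusers, as the page's "Redirect if not admin or superuser" comment implies, prefer `const { permissions, isAdmin } = useUserRole();` followed by `const canManageBlog = isAdmin();` here; otherwise extend the hook once and consume it in both places. Hiding the nav item is a UX affordance, not access control — the `blog_posts` RLS policy added in this commit is the enforcement — so a comment such as `// UX only: /admin/blog and the blog_posts RLS policy enforce access` above the new line would stop future readers from treating it as a security check. AdminSidebar's body continues outside the hunk.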
@@ -48,11 +48,6 @@ export default function AdminBlog() {
 const [featuredImageId, setFeaturedImageId] = useState('');
 const [featuredImageUrl, setFeaturedImageUrl] = useState('');
- if (!isModerator()) {
- navigate('/');
- return null;
- }
-
 const { data: posts, isLoading } = useQuery({
 queryKey: ['admin-blog-posts'],
 queryFn: async () => {
@@ -65,6 +60,26 @@ export default function AdminBlog() {
 },
 });
+ // Show loading state while checking permissions
+ if (loading) {
+ return (
+
+
+
+
+

Loading...

+
+
+
+ );
+ }
+
+ // Redirect if not admin or superuser
+ if (!isAdmin()) {
+ navigate('/');
+ return null;
+ }
+
 const saveMutation = useMutation({
 mutationFn: async ({ isDraft }: { isDraft: boolean }) => {
 const postData = {
diff --git a/supabase/migrations/20251010230214_addcca80-9fb4-4f5a-b581-34463dec5c47.sql b/supabase/migrations/20251010230214_addcca80-9fb4-4f5a-b581-34463dec5c47.sql
new file mode 100644
index 00000000..5498bd5f
--- /dev/null
+++ b/supabase/migrations/20251010230214_addcca80-9fb4-4f5a-b581-34463dec5c47.sql
@@ -0,0 +1,10 @@
+-- Drop existing policy that allows moderators
+DROP POLICY IF EXISTS "Admins can do everything" ON public.blog_posts;
+
+-- Create new policy for admins and superusers only
+CREATE POLICY "Admins and superusers can manage blog posts"
+ ON public.blog_posts FOR ALL
+ USING (
+ has_role(auth.uid(), 'admin'::app_role) OR
+ has_role(auth.uid(), 'superuser'::app_role)
+ );
\ No newline at end of file
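Review bot: Both early returns added in this hunk sit above the `useMutation` call that follows them, so assuming `loading` starts true, `useMutation` is skipped on the first render and invoked on the next one; that changes the hook count between renders, which React rejects as a Rules-of-Hooks violation — the old `isModerator` guard had the same shape and the commit only relocates it. `navigate('/')` is likewise a side effect executed during render rather than in an effect. Move both checks below the last hook in the component and redirect with `useEffect(() => { if (!loading && !isAdmin()) navigate('/', { replace: true }); }, [loading, isAdmin, navigate]);`, returning the spinner or `null` only after every hook has run, or wrap the route in a guard component so the page never mounts for non-admins. These checks shape the UI only — anyone can call the Supabase REST API directly — so the `blog_posts` RLS policy in this commit is the actual boundary, and a comment `// UX guard only; blog_posts RLS enforces authorization server-side` above the redirect would make that explicit. AdminBlog's body starts and ends outside the hunk, and the spinner markup between `return (` and `);` is not legible in this copy of the patch.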
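Review bot: The policy created in this hunk is the only server-side enforcement in the commit, so it should be scoped and checked explicitly: add `TO authenticated` after `FOR ALL` so the predicate is never evaluated for the `anon` role, and spell out `WITH CHECK (has_role(auth.uid(), 'admin'::app_role) OR has_role(auth.uid(), 'superuser'::app_role))` rather than relying on the implicit fall-back of `WITH CHECK` to the `USING` expression. The migration presumes that row level security is already enabled on `public.blog_posts` and that `has_role` is a `SECURITY DEFINER`, `STABLE` function that reads the roles table without itself being subject to RLS (otherwise the policy either does nothing or recurses) — neither is visible here, so confirm both before merging. If the dropped "Admins can do everything" policy was also the only SELECT path for moderators or for published-post readers, that access disappears with it; list the remaining policies on the table to be sure the public read path survives.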