Refactor admin blog access

2025-12-20 12:31:26 -05:00 · 2025-10-10 23:03:05 +00:00
parent bc08d44f4c
commit 14d7801b6f
3 changed files with 34 additions and 8 deletions
--- a/src/components/layout/AdminSidebar.tsx
+++ b/src/components/layout/AdminSidebar.tsx
@@ -19,6 +19,7 @@ export function AdminSidebar() {
  const { state } = useSidebar();
  const { permissions } = useUserRole();
  const isSuperuser = permissions?.role_level === 'superuser';
  const isAdmin = permissions?.role_level === 'admin' || isSuperuser;
  const collapsed = state === 'collapsed';
  const navItems = [
@@ -47,11 +48,11 @@ export function AdminSidebar() {
      url: '/admin/users',
      icon: Users,
    },
-    {
+    ...(isAdmin ? [{
      title: 'Blog',
      url: '/admin/blog',
      icon: BookOpen,
-    },
+    }] : []),
    ...(isSuperuser ? [{
      title: 'Settings',
      url: '/admin/settings',
--- a/src/pages/AdminBlog.tsx
+++ b/src/pages/AdminBlog.tsx
@@ -35,7 +35,7 @@ interface BlogPost {
 export default function AdminBlog() {
  const { user } = useAuth();
-  const { isModerator } = useUserRole();
+  const { isAdmin, loading } = useUserRole();
  const navigate = useNavigate();
  const queryClient = useQueryClient();
@@ -48,11 +48,6 @@ export default function AdminBlog() {
  const [featuredImageId, setFeaturedImageId] = useState('');
  const [featuredImageUrl, setFeaturedImageUrl] = useState('');
  if (!isModerator()) {
    navigate('/');
    return null;
  }
  const { data: posts, isLoading } = useQuery({
    queryKey: ['admin-blog-posts'],
    queryFn: async () => {
@@ -65,6 +60,26 @@ export default function AdminBlog() {
    },
  });
  // Show loading state while checking permissions
  if (loading) {
    return (
      <AdminLayout>
        <div className="flex items-center justify-center min-h-[60vh]">
          <div className="text-center">
            <div className="animate-spin rounded-full h-12 w-12 border-b-2 border-primary mx-auto mb-4"></div>
            <p className="text-muted-foreground">Loading...</p>
          </div>
        </div>
      </AdminLayout>
    );
  }
  // Redirect if not admin or superuser
  if (!isAdmin()) {
    navigate('/');
    return null;
  }
  const saveMutation = useMutation({
    mutationFn: async ({ isDraft }: { isDraft: boolean }) => {
      const postData = {
--- a/supabase/migrations/20251010230214_addcca80-9fb4-4f5a-b581-34463dec5c47.sql
+++ b/supabase/migrations/20251010230214_addcca80-9fb4-4f5a-b581-34463dec5c47.sql
@@ -0,0 +1,10 @@
 -- Drop existing policy that allows moderators
 DROP POLICY IF EXISTS "Admins can do everything" ON public.blog_posts;
 -- Create new policy for admins and superusers only
 CREATE POLICY "Admins and superusers can manage blog posts"
  ON public.blog_posts FOR ALL
  USING (
    has_role(auth.uid(), 'admin'::app_role) OR 
    has_role(auth.uid(), 'superuser'::app_role)
  );