Refactor admin blog access

src/components/layout/AdminSidebar.tsx

@@ -19,6 +19,7 @@ export function AdminSidebar() {
   const { state } = useSidebar();
   const { permissions } = useUserRole();
   const isSuperuser = permissions?.role_level === 'superuser';
+  const isAdmin = permissions?.role_level === 'admin' || isSuperuser;
   const collapsed = state === 'collapsed';
 
   const navItems = [
@@ -47,11 +48,11 @@ export function AdminSidebar() {
       url: '/admin/users',
       icon: Users,
     },
-    {
+    ...(isAdmin ? [{
       title: 'Blog',
       url: '/admin/blog',
       icon: BookOpen,
-    },
+    }] : []),
     ...(isSuperuser ? [{
       title: 'Settings',
       url: '/admin/settings',

src/pages/AdminBlog.tsx

@@ -35,7 +35,7 @@ interface BlogPost {
 
 export default function AdminBlog() {
   const { user } = useAuth();
-  const { isModerator } = useUserRole();
+  const { isAdmin, loading } = useUserRole();
   const navigate = useNavigate();
   const queryClient = useQueryClient();
 
@@ -48,11 +48,6 @@ export default function AdminBlog() {
   const [featuredImageId, setFeaturedImageId] = useState('');
   const [featuredImageUrl, setFeaturedImageUrl] = useState('');
 
-  if (!isModerator()) {
-    navigate('/');
-    return null;
-  }
-
   const { data: posts, isLoading } = useQuery({
     queryKey: ['admin-blog-posts'],
     queryFn: async () => {
@@ -65,6 +60,26 @@ export default function AdminBlog() {
     },
   });
 
+  // Show loading state while checking permissions
+  if (loading) {
+    return (
+      <AdminLayout>
+        <div className="flex items-center justify-center min-h-[60vh]">
+          <div className="text-center">
+            <div className="animate-spin rounded-full h-12 w-12 border-b-2 border-primary mx-auto mb-4"></div>
+            <p className="text-muted-foreground">Loading...</p>
+          </div>
+        </div>
+      </AdminLayout>
+    );
+  }
+
+  // Redirect if not admin or superuser
+  if (!isAdmin()) {
+    navigate('/');
+    return null;
+  }
+
   const saveMutation = useMutation({
     mutationFn: async ({ isDraft }: { isDraft: boolean }) => {
       const postData = {

supabase/migrations/20251010230214_addcca80-9fb4-4f5a-b581-34463dec5c47.sql

@@ -0,0 +1,10 @@
+-- Drop existing policy that allows moderators
+DROP POLICY IF EXISTS "Admins can do everything" ON public.blog_posts;
+
+-- Create new policy for admins and superusers only
+CREATE POLICY "Admins and superusers can manage blog posts"
+  ON public.blog_posts FOR ALL
+  USING (
+    has_role(auth.uid(), 'admin'::app_role) OR 
+    has_role(auth.uid(), 'superuser'::app_role)
+  );