- Migrate login page to atelier design system (editorial modal style) - Polish root error.tsx, not-found.tsx, loading.tsx with atelier design - Add JSON-LD structured data: SoftwareApplication + LocalBusiness - Fix next.config.ts outputFileTracingRoot absolute path warning - Add force-dynamic to protected-example (uses cookies) - Add proper type for stops page (replace : any) - Fix unescaped quotes in StopTableClient - Fix no-explicit-any in db-schema route - Clean up console.logs in admin-permissions - Fix inline any in admin/stops page - Update OG image references to existing og-default.svg
This commit is contained in:
@@ -41,31 +41,25 @@ export async function getAdminUser(): Promise<AdminUser | null> {
|
||||
let sessionEmail: string | null = null;
|
||||
try {
|
||||
const { data: session } = await getSession();
|
||||
console.log("[admin-permissions] Full session:", JSON.stringify(session));
|
||||
sessionEmail = session?.user?.email ?? null;
|
||||
console.log("[admin-permissions] Session email:", sessionEmail);
|
||||
} catch (err) {
|
||||
console.error("[admin-permissions] getSession() failed:", err);
|
||||
return null;
|
||||
}
|
||||
|
||||
if (!sessionEmail) {
|
||||
console.log("[admin-permissions] No session email - returning null");
|
||||
return null;
|
||||
}
|
||||
|
||||
try {
|
||||
return await withPlatformAdmin(async (db) => {
|
||||
console.log("[admin-permissions] Looking for user with email:", sessionEmail.toLowerCase());
|
||||
const userRows = await db
|
||||
.select()
|
||||
.from(adminUsers)
|
||||
.where(eq(adminUsers.email, sessionEmail.toLowerCase()))
|
||||
.limit(1);
|
||||
console.log("[admin-permissions] User rows found:", userRows.length, userRows);
|
||||
const user = userRows[0];
|
||||
if (!user) {
|
||||
console.log("[admin-permissions] User not found in admin_users");
|
||||
return null;
|
||||
}
|
||||
|
||||
@@ -83,13 +77,10 @@ export async function getAdminUser(): Promise<AdminUser | null> {
|
||||
.innerJoin(brands, eq(brands.id, adminUserBrands.brandId))
|
||||
.where(eq(adminUserBrands.adminUserId, user.id));
|
||||
|
||||
console.log("[admin-permissions] Membership rows found:", membershipRows.length, membershipRows);
|
||||
|
||||
// Brand-scoped roles (brand_admin, store_employee) require at least one brand link.
|
||||
// Platform admins may have zero or more explicit links; they get cross-brand access via role.
|
||||
if (membershipRows.length === 0 && role !== "platform_admin") {
|
||||
// Signed in but not provisioned for any brand.
|
||||
console.log("[admin-permissions] No brand memberships for non-platform user — denying");
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user