63842a9efc
Implements the design at
docs/superpowers/specs/2026-06-04-multi-brand-admin-design.md.
Adds:
- admin_user_brands junction table (m:n admin<->brand) via migration 207
- New role 'multi_brand_admin' (auto-set when an admin has 2+ brands)
- 'active_brand_id' cookie that persists the admin's currently-selected
brand across navigations; switchable via the new BrandSelector dropdown
in the sidebar
- Centralised brand resolution in src/lib/brand-scope.ts:
- getActiveBrandId (URL > cookie > legacy brand_id > first of brand_ids)
- assertBrandAccess (defence-in-depth for cases where the brandId
comes from a URL form or RPC return)
- ~30 server actions and ~10 page server components migrated to use
getActiveBrandId instead of the silent brandId ?? adminUser.brand_id
pattern that allowed cross-brand access bugs
- BrandSelector client component with proper a11y (aria-haspopup,
aria-expanded, role=listbox, outside-click and escape-to-close)
Migration 207 also adds RLS so admins can read their own junction rows
(needed for the dropdown to populate) and SECURITY DEFINER RPCs
add/remove_admin_user_brand that auto-promote/demote between
brand_admin and multi_brand_admin.
Notes:
- Migration number is 207 not 204 — 204-206 were taken in this worktree
by the concurrent locations work.
- The legacy admin_users.brand_id column is preserved for backwards
compat; a follow-up migration 220_* will drop it.
- Dev sessions (dev_session cookie, NEXT_PUBLIC_USE_MOCK_DATA) get
brand_ids: []; the documented limitation is that dev store_employee
will see <AdminAccessDenied /> if no real brands exist.
- Pages that hardcode a Tuxedo brand UUID as a fallback
(adminUser.brand_id ?? '64294306-...') are NOT migrated in this PR —
they still work for single-brand admins and are out of scope.
Co-authored-by: implementer subagent (cancelled mid-run), Grok orchestrator
42 lines
1.4 KiB
TypeScript
42 lines
1.4 KiB
TypeScript
import { supabase } from "@/lib/supabase";
|
|
import { getAdminUser } from "@/lib/admin-permissions";
|
|
import { getActiveBrandId } from "@/lib/brand-scope";
|
|
import AdminAccessDenied from "@/components/admin/AdminAccessDenied";
|
|
import ReportsDashboard from "@/components/admin/ReportsDashboard";
|
|
import { PageHeader } from "@/components/admin/design-system";
|
|
import { redirect } from "next/navigation";
|
|
|
|
export default async function ReportsPage() {
|
|
const adminUser = await getAdminUser();
|
|
if (!adminUser) return <AdminAccessDenied />;
|
|
if (!adminUser.can_manage_reports) redirect("/admin/pickup");
|
|
|
|
const isPlatformAdmin = adminUser.role === "platform_admin";
|
|
|
|
const { data: brands } = await supabase
|
|
.from("brands")
|
|
.select("id, name")
|
|
.order("name");
|
|
|
|
const initialBrandId = isPlatformAdmin
|
|
? null
|
|
: await getActiveBrandId(adminUser);
|
|
|
|
return (
|
|
<main className="min-h-screen px-6 py-10" style={{ backgroundColor: "var(--admin-bg)" }}>
|
|
<div className="mx-auto max-w-7xl">
|
|
<PageHeader
|
|
title="Reports"
|
|
subtitle="Operational visibility across orders, fulfillment, contacts, and campaigns."
|
|
/>
|
|
|
|
<ReportsDashboard
|
|
brands={brands ?? []}
|
|
initialBrandId={initialBrandId}
|
|
isPlatformAdmin={isPlatformAdmin}
|
|
brandId={adminUser.brand_id}
|
|
/>
|
|
</div>
|
|
</main>
|
|
);
|
|
} |