63842a9efc
Implements the design at
docs/superpowers/specs/2026-06-04-multi-brand-admin-design.md.
Adds:
- admin_user_brands junction table (m:n admin<->brand) via migration 207
- New role 'multi_brand_admin' (auto-set when an admin has 2+ brands)
- 'active_brand_id' cookie that persists the admin's currently-selected
brand across navigations; switchable via the new BrandSelector dropdown
in the sidebar
- Centralised brand resolution in src/lib/brand-scope.ts:
- getActiveBrandId (URL > cookie > legacy brand_id > first of brand_ids)
- assertBrandAccess (defence-in-depth for cases where the brandId
comes from a URL form or RPC return)
- ~30 server actions and ~10 page server components migrated to use
getActiveBrandId instead of the silent brandId ?? adminUser.brand_id
pattern that allowed cross-brand access bugs
- BrandSelector client component with proper a11y (aria-haspopup,
aria-expanded, role=listbox, outside-click and escape-to-close)
Migration 207 also adds RLS so admins can read their own junction rows
(needed for the dropdown to populate) and SECURITY DEFINER RPCs
add/remove_admin_user_brand that auto-promote/demote between
brand_admin and multi_brand_admin.
Notes:
- Migration number is 207 not 204 — 204-206 were taken in this worktree
by the concurrent locations work.
- The legacy admin_users.brand_id column is preserved for backwards
compat; a follow-up migration 220_* will drop it.
- Dev sessions (dev_session cookie, NEXT_PUBLIC_USE_MOCK_DATA) get
brand_ids: []; the documented limitation is that dev store_employee
will see <AdminAccessDenied /> if no real brands exist.
- Pages that hardcode a Tuxedo brand UUID as a fallback
(adminUser.brand_id ?? '64294306-...') are NOT migrated in this PR —
they still work for single-brand admins and are out of scope.
Co-authored-by: implementer subagent (cancelled mid-run), Grok orchestrator
66 lines
2.0 KiB
TypeScript
66 lines
2.0 KiB
TypeScript
import "server-only";
|
|
|
|
import { getAdminUser } from "@/lib/admin-permissions";
|
|
import { svcHeaders } from "@/lib/svc-headers";
|
|
|
|
export type BrandListItem = {
|
|
id: string;
|
|
name: string;
|
|
slug: string;
|
|
logo_url: string | null;
|
|
};
|
|
|
|
/**
|
|
* Returns the list of brands the current admin user can act in.
|
|
*
|
|
* - platform_admin: all brands (queried directly from the `brands` table)
|
|
* - everyone else: brands in `adminUser.brand_ids`
|
|
* - empty array for unauthenticated / no-access admins
|
|
*
|
|
* This is a plain async function (not a server action) so it can be called
|
|
* from server components and server actions without the "use server" wrapper.
|
|
* The BrandSelector client component receives the result as a prop.
|
|
*/
|
|
export async function listBrandsForAdmin(): Promise<BrandListItem[]> {
|
|
const adminUser = await getAdminUser();
|
|
if (!adminUser) return [];
|
|
|
|
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL;
|
|
const serviceKey = process.env.SUPABASE_SERVICE_ROLE_KEY;
|
|
if (!supabaseUrl || !serviceKey) return [];
|
|
|
|
if (adminUser.role === "platform_admin") {
|
|
try {
|
|
const res = await fetch(
|
|
`${supabaseUrl}/rest/v1/brands?select=id,name,slug,logo_url&order=name`,
|
|
{ headers: svcHeaders(serviceKey), cache: "no-store" }
|
|
);
|
|
if (!res.ok) return [];
|
|
const data = await res.json();
|
|
return Array.isArray(data) ? data : [];
|
|
} catch {
|
|
return [];
|
|
}
|
|
}
|
|
|
|
if (adminUser.brand_ids.length === 0) return [];
|
|
|
|
// Use PostgREST `in` filter. The brand_ids are UUIDs, so the quoting
|
|
// pattern in the spec is safe; the inner quotes are required by PostgREST
|
|
// for UUID literals.
|
|
const filter = `id=in.(${adminUser.brand_ids
|
|
.map((id) => `"${id}"`)
|
|
.join(",")})`;
|
|
try {
|
|
const res = await fetch(
|
|
`${supabaseUrl}/rest/v1/brands?${filter}&select=id,name,slug,logo_url&order=name`,
|
|
{ headers: svcHeaders(serviceKey), cache: "no-store" }
|
|
);
|
|
if (!res.ok) return [];
|
|
const data = await res.json();
|
|
return Array.isArray(data) ? data : [];
|
|
} catch {
|
|
return [];
|
|
}
|
|
}
|