13.3 admin UI:
- (admin) route group with own layout + red banner + sidebar (Collectives,
Admins, Audit log, Server). +layout.ts is client-rendered (ssr=false),
same rationale as the (app) group.
- /admin/collectives — paginated list via admin_list_collectives, search
by name, soft-delete / restore / hard-delete modals (hard-delete needs
explicit checkbox; force toggle bypasses the 30-day wait server-side).
- /admin/collectives/[id] — members list with kick action; recent actions
for the collective filtered from admin_actions.
- /admin/admins — list via server_admins join to users (disambiguated by
FK name — there are TWO FKs to users so the embed needs the explicit
server_admins_user_id_fkey); promote modal does an email lookup; revoke
button is replaced by "you (cannot revoke yourself while sole admin)"
when applicable.
- /admin/audit — paginated feed (default 50), action filter.
- /admin/server — server-layer default-section toggles backed by
admin_set_default_section + the new admin_clear_default_section RPC
(added because patching the JSONB to `true` is NOT equivalent to "no
opinion" — `true` explicitly overrides a collective OFF).
13.4 sidebar/drawer entry:
- $isServerAdmin store (writable; +$isServerAdminLoaded for the gate
race) refreshed on every onAuthStateChange in root layout, cleared on
sign-out. Cached so the sidebar tile is synchronous.
- DesktopSidebar + MobileDrawer render the entry only when the store is
true. Distinct red icon so it never blends with normal nav.
Stores wiring:
- features.ts gains serverSectionDefaults writable + enabledSections
derived now reads server > collective > user > default. Loader
piggybacks on loadCurrentUserFeatures so the server layer is fetched
once per sign-in.
- serverAdmin.ts new module — refreshServerAdminFlag() + clearServerAdminFlag().
- Tracks isServerAdminLoaded so the (admin) layout doesn't redirect away
during the millisecond between SIGNED_IN and the RPC resolving (caught
empirically — every hard-load to /admin/* bounced to / without it).
13.5 tests:
- admin.test.ts (SA-01..SA-04) with new loginAsAdmin fixture. Ana is the
seed admin (server_admins seeded via supabase/seed.sql).
- SA-04 + SV-02 reset their server-layer JSONB via the new
admin_clear_default_section RPC so the suites don't leak state into
each other.
Migration 025 adds admin_clear_default_section(text) — same SECURITY DEFINER
+ audit pattern as the rest. pgTAP 017 updated (23 plans, AR-T13b + the
SECURITY DEFINER list now includes the clear RPC).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
30 lines
1.3 KiB
TypeScript
30 lines
1.3 KiB
TypeScript
/**
|
|
* Server-admin login helper (Fase 13.5.2).
|
|
*
|
|
* Ana is pre-seeded into `public.server_admins` by `supabase/seed.sql`. This
|
|
* helper is a thin sugar over `loginAs(page, USERS.ana)` that ALSO waits for
|
|
* `$isServerAdmin` to flip true (which only happens once the root layout's
|
|
* `refreshServerAdminFlag()` resolves). Tests that rely on the sidebar admin
|
|
* entry being rendered need this; tests that hit /admin/* directly do not
|
|
* (the layout's effect handles the wait).
|
|
*
|
|
* We don't expose a non-Ana admin promotion path here — the integration suite
|
|
* already covers `grant_server_admin` end-to-end. If a test needs a different
|
|
* admin it should call grant_server_admin from a privileged-client setup step
|
|
* and rely on the next token refresh; we have no such test today.
|
|
*/
|
|
import type { Page } from '@playwright/test';
|
|
import { USERS } from './users.js';
|
|
import { loginAs } from './login.js';
|
|
|
|
export async function loginAsAdmin(page: Page): Promise<void> {
|
|
await loginAs(page, USERS.ana);
|
|
// `refreshServerAdminFlag()` is fire-and-forget inside the auth callback
|
|
// and the sidebar tile keys off the resulting store. Wait until the
|
|
// rendered tile (or its data-testid) actually appears so any subsequent
|
|
// click is deterministic.
|
|
await page.waitForSelector('[data-testid="sidebar-admin-link"]', {
|
|
timeout: 10_000
|
|
});
|
|
}
|