GearBox/.planning/phases/36-admin-role-panel-foundation/36-DISCUSSION-LOG.md


Phase 36: Admin Role & Panel Foundation - Discussion Log

Audit trail only. Do not use as input to planning, research, or execution agents. Decisions are captured in CONTEXT.md — this log preserves the alternatives considered.

Date: 2026-04-19
Phase: 36 — Admin Role & Panel Foundation
Areas discussed: Admin panel layout, Admin nav link, Non-admin response, CLI grant interface


Admin Panel Layout

| Option | Description | Selected |
|---|---|---|
| Structured shell | Full admin layout with sidebar nav (Items, Tags) — phases 37/38 slot in | ✓ |
| Minimal placeholder | Just a heading + coming soon text | |

User's choice: Structured shell with Items + Tags sidebar sections (both disabled in this phase)

Notes: User confirmed Items + Tags as the two nav sections matching phases 37 and 38.


Admin Nav Link

| Option | Description | Selected |
|---|---|---|
| Yes — conditionally shown | Top nav shows 'Admin' only for admin users, isAdmin in /me response | ✓ |
| No — navigate directly | No nav link, admin accesses by URL | |

Placement:

| Option | Description | Selected |
|---|---|---|
| User avatar/menu area | Admin link in user dropdown near avatar | ✓ |
| Top-level nav item | Standalone nav item alongside main nav | |
| You decide | | |

User's choice: Conditionally shown in the user avatar/menu area.


Non-Admin Response

| Option | Description | Selected |
|---|---|---|
| Server 403 + client redirect | requireAdmin middleware + TanStack Router beforeLoad redirect | ✓ |
| Client redirect only | TanStack Router beforeLoad only | |
| Server 403 only | 403 response, no redirect | |

User's choice: Belt-and-suspenders: server 403 on API routes + client redirect on browser navigation.
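
An added sketch of the server half of the selected option (not code from the GearBox repository): requireAdmin layered on requireAuth, with isAdmin read from the application's own user row on every request, so the /me flag and the client redirect stay UI hints only. The in-memory user store, the handler types, the route path, the sample users and the 401 for unauthenticated requests are assumptions made for the illustration.

```typescript
// Added illustration. Only requireAdmin, requireAuth, isAdmin and /me come from the log;
// every other name here is hypothetical.
type User = { sub: string; email: string; isAdmin: boolean };
type Ctx = { path: string; sub: string | null; user?: User };
type Result = { status: number; body: unknown };
type Handler = (ctx: Ctx) => Result;
type Middleware = (next: Handler) => Handler;

// Constructed stand-in for the GearBox users table, keyed by the Logto sub.
const users = new Map<string, User>([
  ["sub-admin", { sub: "sub-admin", email: "admin@example.test", isAdmin: true }],
  ["sub-user", { sub: "sub-user", email: "user@example.test", isAdmin: false }],
]);

// requireAuth: map the already-verified subject to a DB row, otherwise 401 (assumed status).
const requireAuth: Middleware = (next) => (ctx) => {
  const user = ctx.sub ? users.get(ctx.sub) : undefined;
  if (!user) return { status: 401, body: { error: "unauthenticated" } };
  return next({ ...ctx, user });
};

// requireAdmin: runs requireAuth first, then checks the DB flag on each request.
// Because isAdmin lives in the app DB, a direct SQL change applies on the next request.
const requireAdmin: Middleware = (next) =>
  requireAuth((ctx) => {
    if (!ctx.user?.isAdmin) return { status: 403, body: { error: "forbidden" } };
    return next(ctx);
  });

// /me exposes isAdmin so the client can show the nav link and run its beforeLoad
// redirect. The server never trusts this value coming back from the client.
const me = requireAuth((ctx) => ({
  status: 200,
  body: { email: ctx.user!.email, isAdmin: ctx.user!.isAdmin },
}));

// Hypothetical admin API route guarded by the middleware.
const adminItems = requireAdmin(() => ({ status: 200, body: { items: [] } }));

// Helper that returns the status a given subject would receive from a handler.
function statusFor(handler: Handler, path: string, sub: string | null): number {
  return handler({ path, sub }).status;
}
```

A request that skips the client redirect (for example a direct API call from a non-admin session) still gets the 403, which is the case the "Client redirect only" option leaves open.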


CLI Grant Interface

| Option | Description | Selected |
|---|---|---|
| `bun run admin:grant <email>` | Script looks up user by email | |
| `bun run admin:grant <logto-sub>` | Uses Logto sub identifier | |
| Direct SQL / Drizzle Studio | No script — UPDATE SQL directly | ✓ |

Context: User initially asked about doing it via the Logto UI. Clarified that since isAdmin lives in the GearBox DB (not Logto), the Logto UI cannot set it. User settled on direct SQL / Drizzle Studio — no CLI script needed for a single-admin app.


Claude's Discretion

  • Exact admin shell visual styling
  • Whether /admin needs a dedicated server route or uses the SPA catch-all
  • Internal structure of requireAdmin relative to requireAuth

Deferred Ideas

  • Logto UI-based admin management (requires Logto role claims — ruled out)
  • Users section in admin sidebar (not in current roadmap)
  • Formal CLI grant tool (deemed unnecessary)