# Phase 36: Admin Role & Panel Foundation - Discussion Log

> **Audit trail only.** Do not use as input to planning, research, or execution agents.
> Decisions are captured in CONTEXT.md — this log preserves the alternatives considered.

**Date:** 2026-04-19
**Phase:** 36 — Admin Role & Panel Foundation
**Areas discussed:** Admin panel layout, Admin nav link, Non-admin response, CLI grant interface

---

## Admin Panel Layout

| Option | Description | Selected |
|--------|-------------|----------|
| Structured shell | Full admin layout with sidebar nav (Items, Tags) — phases 37/38 slot in | ✓ |
| Minimal placeholder | Just a heading + coming soon text | |

**User's choice:** Structured shell with Items + Tags sidebar sections (both disabled in this phase)
**Notes:** User confirmed Items + Tags as the two nav sections matching phases 37 and 38.

---

## Admin Nav Link

| Option | Description | Selected |
|--------|-------------|----------|
| Yes — conditionally shown | Top nav shows 'Admin' only for admin users, isAdmin in /me response | ✓ |
| No — navigate directly | No nav link, admin accesses by URL | |

**Placement:**

| Option | Description | Selected |
|--------|-------------|----------|
| User avatar/menu area | Admin link in user dropdown near avatar | ✓ |
| Top-level nav item | Standalone nav item alongside main nav | |
| You decide | — | |

**User's choice:** Conditionally shown in the user avatar/menu area.

---

## Non-Admin Response

| Option | Description | Selected |
|--------|-------------|----------|
| Server 403 + client redirect | requireAdmin middleware + TanStack Router beforeLoad redirect | ✓ |
| Client redirect only | TanStack Router beforeLoad only | |
| Server 403 only | 403 response, no redirect | |

**User's choice:** Belt-and-suspenders: server 403 on API routes + client redirect on browser navigation.

---

## CLI Grant Interface

| Option | Description | Selected |
|--------|-------------|----------|
| bun run admin:grant \<email\> | Script looks up user by email | |
| bun run admin:grant \<logto-sub\> | Uses Logto sub identifier | |
| Direct SQL / Drizzle Studio | No script — UPDATE SQL directly | ✓ |

**Context:** User initially asked about doing it via the Logto UI. Clarified that since isAdmin lives in the GearBox DB (not Logto), the Logto UI cannot set it. User settled on direct SQL / Drizzle Studio — no CLI script needed for a single-admin app.

---

## Claude's Discretion

- Exact admin shell visual styling
- Whether `/admin` needs a dedicated server route or uses the SPA catch-all
- Internal structure of `requireAdmin` relative to `requireAuth`
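One possible layering of `requireAdmin` on `requireAuth`, combined with the server 403 and client redirect chosen under Non-Admin Response (an added example, not GearBox code). The handler types, the in-memory `users` map, the route names, the 401 status and the `/` redirect target are assumptions.

```typescript
// Added example: framework-agnostic sketch, not GearBox code.
type User = { sub: string; isAdmin: boolean };
type Ctx = { sessionSub?: string; user?: User }; // sessionSub: subject from the verified session
type Result = { status: number; body: Record<string, unknown> };
type Handler = (ctx: Ctx) => Result;
type Middleware = (next: Handler) => Handler;

// Constructed stand-in for the GearBox users table, where isAdmin is stored.
const users = new Map<string, User>([
  ["sub-admin", { sub: "sub-admin", isAdmin: true }],
  ["sub-user", { sub: "sub-user", isAdmin: false }],
]);

// requireAuth: map the session subject to a DB row, or stop with 401 (assumed status).
const requireAuth: Middleware = (next) => (ctx) => {
  const user = ctx.sessionSub ? users.get(ctx.sessionSub) : undefined;
  if (!user) return { status: 401, body: { error: "unauthenticated" } };
  return next({ ...ctx, user }); // overwrite any caller-supplied ctx.user
};

// requireAdmin wraps requireAuth, so it cannot run without an authenticated user,
// and it reads isAdmin only from the row loaded server-side.
const requireAdmin: Middleware = (next) =>
  requireAuth((ctx) => {
    if (ctx.user?.isAdmin !== true) return { status: 403, body: { error: "forbidden" } };
    return next(ctx);
  });

// Hypothetical routes: /me exposes isAdmin for the nav link, /admin/items is admin-only.
const me = requireAuth((ctx) => ({
  status: 200,
  body: { sub: ctx.user?.sub, isAdmin: ctx.user?.isAdmin === true },
}));
const adminItems = requireAdmin(() => ({ status: 200, body: { items: [] } }));

// Client-side decision a beforeLoad hook would make from the /me result.
// Returns a redirect target ("/" is assumed) or null to allow navigation. UX only.
function adminBeforeLoad(meResult: Result): string | null {
  return meResult.status === 200 && meResult.body.isAdmin === true ? null : "/";
}
```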

## Deferred Ideas

- Logto UI-based admin management (requires Logto role claims — ruled out)
- Users section in admin sidebar (not in current roadmap)
- Formal CLI grant tool (deemed unnecessary)