Admin Panel

The admin panel at /admin is accessible only to users with the is_super_admin flag on their profiles row. It provides full user management (create, edit, delete) and any other super-admin-gated tooling you add.

The Super Admin Role

is_super_admin is a boolean column on the profiles table, defaulting to false. A database trigger (prevent_super_admin_self_modify) prevents any user from elevating their own privileges — only the service role can change this column. An is_super_admin() SQL helper function is available for use in RLS policies on any table you want to restrict to super admins.

Setting Up the First Super Admin

After running migrations, promote your account via the Supabase SQL editor:

UPDATE public.profiles
SET is_super_admin = true
WHERE id = '<your-user-id>';

This is the only way to create the first super admin. Afterward, existing super admins can promote others through the admin panel.

User Management

The admin panel (/admin) supports:
  • List users — paginated with search by name/email
  • Create user — name, email, password, optional super admin flag
  • Edit user — update name, email, or super admin status
  • Delete user — requires typing the user’s email to confirm

Self-protection is enforced at the action level: you cannot remove your own super admin status or delete your own account.

Server Actions

import {
  checkIsSuperAdmin,
  listUsers,
  createUser,
  updateUser,
  deleteUser,
} from "@/lib/admin/actions";

All actions call checkIsSuperAdmin() internally and return an error if the caller is not a super admin. User creation and deletion use auth.admin.createUser() / auth.admin.deleteUser() via the Supabase admin client.

Route Protection

The /admin prefix is in saas.config.ts protectedRoutes. An additional server-side check in each admin page/action verifies is_super_admin. Both layers are required — middleware only checks authentication, not role.
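
The two layers and the action-level self-protection rules described above, modeled in memory as an added example (not the project's @/lib/admin/actions code). The function names middlewareAllows, isSuperAdminModel, updateUserModel and deleteUserModel, the error strings, and the sample rows are hypothetical.

```typescript
// Added illustration: an in-memory model, not the code in @/lib/admin/actions.
type ProfileRow = { id: string; is_super_admin: boolean };
type AuthSession = { userId: string } | null;
type ActionResult = { ok: boolean; error?: string };

// Constructed sample rows standing in for the profiles table.
const profiles = new Map<string, ProfileRow>([
  ["u1", { id: "u1", is_super_admin: true }],
  ["u2", { id: "u2", is_super_admin: false }],
]);

// Layer 1 (middleware): a protected route only requires a signed-in session.
function middlewareAllows(path: string, session: AuthSession): boolean {
  return !path.startsWith("/admin") || session !== null;
}

// Layer 2 (page/action): the role is read from the caller's profiles row.
function isSuperAdminModel(session: AuthSession): session is { userId: string } {
  return session !== null && profiles.get(session.userId)?.is_super_admin === true;
}

function updateUserModel(session: AuthSession, targetId: string, admin: boolean): ActionResult {
  if (!isSuperAdminModel(session)) return { ok: false, error: "forbidden" };
  const target = profiles.get(targetId);
  if (!target) return { ok: false, error: "not found" };
  // Self-protection: callers cannot remove their own super admin status.
  if (session.userId === targetId && !admin) return { ok: false, error: "cannot demote self" };
  target.is_super_admin = admin;
  return { ok: true };
}

function deleteUserModel(session: AuthSession, targetId: string): ActionResult {
  if (!isSuperAdminModel(session)) return { ok: false, error: "forbidden" };
  // Self-protection: callers cannot delete their own account.
  if (session.userId === targetId) return { ok: false, error: "cannot delete self" };
  if (!profiles.delete(targetId)) return { ok: false, error: "not found" };
  return { ok: true };
}
```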

Auth Context Flag

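isSuperAdmin is available via useAuth() in Client Components, fetched from profiles.is_super_admin on sign-in. Use it to conditionally show admin navigation. The flag only controls what is rendered; access to /admin is still enforced by the server-side checks described under Route Protection:

const { isSuperAdmin } = useAuth();
if (isSuperAdmin) return <Link href="/admin">Admin</Link>;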