fix: locked down navbar options for admin pages and added rls policies

2025-03-14 10:05:04 +00:00 · 2024-06-02 17:50:08 -04:00 · 2024-06-02 17:50:08 -04:00 · 0127d00021
commit 0127d00021
parent 02872252b5
2 changed files with 35 additions and 19 deletions
--- a/app/api/galleries/route.ts
+++ b/app/api/galleries/route.ts
@ -17,13 +17,13 @@ export async function POST(request: Request) {
  }
  else{
    // Rest of the code...
-  let { data: galleries, error } = await supabase
-    .from('galleries')
-    .select('*')
-    .contains('tags', tags) // Fix: Use contains instead of overlaps
-    .ilike('name', `%${search}%`)
+    let { data: galleries, error } = await supabase
+      .from('galleries')
+      .select('*')
+      .contains('tags', tags) // Fix: Use contains instead of overlaps
+      .ilike('name', `%${search}%`)

-  return NextResponse.json(galleries);
+    return NextResponse.json(galleries);
  }
 }
  
--- a/components/neroshitron/navigation_bar.tsx
+++ b/components/neroshitron/navigation_bar.tsx
@ -36,7 +36,17 @@ console.log(currentPage)
  }
  const url = getGravatarUrl();

-
+  const admins = await supabase.from('admins').select('user_id');
+  let isAdmin = false;
+  if(!admins.error) {
+    for (const admin of admins.data) {
+      if (admin.user_id == user?.id) {
+        isAdmin = true;
+        break;
+      }
+    }
+  }
+  
  return (
    <div className="flex justify-center items-center pt-2 ">
      <nav className="w-auto bg-primary-dark bg-opacity-40  flex justify-center z-10 h-16 animate-in rounded-md  shadow-lg" style={{ backdropFilter: 'blur(10px)' }}>
@ -44,18 +54,24 @@ console.log(currentPage)
          <div className="flex items-center gap-2 z-10">

          {/* This is admin stuff */}
-            <Link
-              href="/gallery/admin"
-              className={`py-2 px-3 w-32  text-center flex rounded-md lg:block hidden no-underline ${currentPage!="gallery" ? 'bg-secondary hover:bg-secondary-light' : 'bg-secondary hover:bg-secondary-light'}`}
-            >
-              <span className="hidden lg:block">Gallery Admin</span>
-            </Link>
-            <Link
-              href="/admin/"
-              className={`py-2 px-3 w-38  text-center flex rounded-md lg:block hidden no-underline ${currentPage!="gallery" ? 'bg-secondary hover:bg-secondary-light' : 'bg-secondary hover:bg-secondary-light'}`}
-            >
-              <span className="hidden lg:block">System Settings</span>
-            </Link>
+
+            {(isAdmin) && (
+              <>
+              
+              <Link
+                href="/gallery/admin"
+                className={`py-2 px-3 w-32  text-center flex rounded-md lg:block hidden no-underline ${currentPage!="gallery" ? 'bg-secondary hover:bg-secondary-light' : 'bg-secondary hover:bg-secondary-light'}`}
+              >
+                <span className="hidden lg:block">Gallery Admin</span>
+              </Link>
+              <Link
+                href="/admin/"
+                className={`py-2 px-3 w-38  text-center flex rounded-md lg:block hidden no-underline ${currentPage!="gallery" ? 'bg-secondary hover:bg-secondary-light' : 'bg-secondary hover:bg-secondary-light'}`}
+              >
+                <span className="hidden lg:block">System Settings</span>
+              </Link>
+            </>
+            )}

            <Link
              href="/gallery"