fix: query orders using admin client in admin routes to bypass RLS and show all orders to admin
All checks were successful
Staging Build / build (push) Successful in 3m24s
All checks were successful
Staging Build / build (push) Successful in 3m24s
This commit is contained in:
@@ -1,4 +1,4 @@
|
||||
import { createClient } from '@/lib/supabase/server'
|
||||
import { createAdminClient } from '@/lib/supabase/admin'
|
||||
import { OrdersTable } from '@/components/admin/orders-table'
|
||||
import { Suspense } from 'react'
|
||||
|
||||
@@ -20,9 +20,9 @@ export default async function AdminOrdersPage() {
|
||||
}
|
||||
|
||||
async function OrdersData() {
|
||||
const supabase = await createClient()
|
||||
const adminDb = createAdminClient()
|
||||
|
||||
const { data: orders, error } = await supabase
|
||||
const { data: orders, error } = await adminDb
|
||||
.from('orders')
|
||||
.select('*')
|
||||
.order('created_at', { ascending: false })
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
import { createClient } from '@/lib/supabase/server'
|
||||
import { createAdminClient } from '@/lib/supabase/admin'
|
||||
import { Card, CardContent, CardHeader, CardTitle } from '@/components/ui/card'
|
||||
import { Package, ShoppingCart, Users, TrendingUp } from 'lucide-react'
|
||||
import { AdminRecentOrders } from '@/components/admin/recent-orders'
|
||||
@@ -6,14 +7,15 @@ import { AdminRecentOrders } from '@/components/admin/recent-orders'
|
||||
// ─── KPI-Daten aus DB ────────────────────────────────────────────────────────
|
||||
async function getKpis() {
|
||||
const supabase = await createClient()
|
||||
const adminDb = createAdminClient()
|
||||
|
||||
const [
|
||||
{ data: orders },
|
||||
{ count: userCount },
|
||||
{ count: productCount },
|
||||
] = await Promise.all([
|
||||
supabase.from('orders').select('total_price, status'),
|
||||
supabase.from('profiles').select('*', { count: 'exact', head: true }),
|
||||
adminDb.from('orders').select('total_price, status'),
|
||||
adminDb.from('profiles').select('*', { count: 'exact', head: true }),
|
||||
supabase.from('products').select('*', { count: 'exact', head: true }),
|
||||
])
|
||||
|
||||
|
||||
@@ -1,11 +1,12 @@
|
||||
import { createClient } from '@/lib/supabase/server'
|
||||
import { createAdminClient } from '@/lib/supabase/admin'
|
||||
import { NextResponse } from 'next/server'
|
||||
|
||||
/**
|
||||
* GET /api/admin/recent-orders
|
||||
* Gibt die letzten 10 Bestellungen und Umsatzdaten der letzten 6 Monate zurück.
|
||||
* Wird vom Admin-Dashboard alle 30 Sekunden gepollt.
|
||||
* Zugriff nur für authentifizierte User (Supabase Session).
|
||||
* Zugriff nur für authentifizierte User mit Admin-Rolle (bypasses RLS).
|
||||
*/
|
||||
export async function GET() {
|
||||
const supabase = await createClient()
|
||||
@@ -16,8 +17,21 @@ export async function GET() {
|
||||
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
|
||||
}
|
||||
|
||||
// Admin-Rolle prüfen
|
||||
const { data: userData } = await supabase
|
||||
.from('users')
|
||||
.select('role')
|
||||
.eq('id', user.id)
|
||||
.single()
|
||||
|
||||
if (!userData || userData.role !== 'admin') {
|
||||
return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
|
||||
}
|
||||
|
||||
const adminDb = createAdminClient()
|
||||
|
||||
// 1. Letzte 10 Bestellungen laden
|
||||
const { data: orders, error } = await supabase
|
||||
const { data: orders, error } = await adminDb
|
||||
.from('orders')
|
||||
.select('id, order_number, created_at, total_price, status, customer_data')
|
||||
.order('created_at', { ascending: false })
|
||||
@@ -33,7 +47,7 @@ export async function GET() {
|
||||
sixMonthsAgo.setDate(1)
|
||||
sixMonthsAgo.setHours(0, 0, 0, 0)
|
||||
|
||||
const { data: chartOrders, error: chartError } = await supabase
|
||||
const { data: chartOrders, error: chartError } = await adminDb
|
||||
.from('orders')
|
||||
.select('total_price, created_at')
|
||||
.neq('status', 'cancelled')
|
||||
|
||||
Reference in New Issue
Block a user