fix: query orders using admin client in admin routes to bypass RLS and show all orders to admin
All checks were successful
Staging Build / build (push) Successful in 3m24s
All checks were successful
Staging Build / build (push) Successful in 3m24s
This commit is contained in:
@@ -1,4 +1,4 @@
|
|||||||
import { createClient } from '@/lib/supabase/server'
|
import { createAdminClient } from '@/lib/supabase/admin'
|
||||||
import { OrdersTable } from '@/components/admin/orders-table'
|
import { OrdersTable } from '@/components/admin/orders-table'
|
||||||
import { Suspense } from 'react'
|
import { Suspense } from 'react'
|
||||||
|
|
||||||
@@ -20,9 +20,9 @@ export default async function AdminOrdersPage() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
async function OrdersData() {
|
async function OrdersData() {
|
||||||
const supabase = await createClient()
|
const adminDb = createAdminClient()
|
||||||
|
|
||||||
const { data: orders, error } = await supabase
|
const { data: orders, error } = await adminDb
|
||||||
.from('orders')
|
.from('orders')
|
||||||
.select('*')
|
.select('*')
|
||||||
.order('created_at', { ascending: false })
|
.order('created_at', { ascending: false })
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
import { createClient } from '@/lib/supabase/server'
|
import { createClient } from '@/lib/supabase/server'
|
||||||
|
import { createAdminClient } from '@/lib/supabase/admin'
|
||||||
import { Card, CardContent, CardHeader, CardTitle } from '@/components/ui/card'
|
import { Card, CardContent, CardHeader, CardTitle } from '@/components/ui/card'
|
||||||
import { Package, ShoppingCart, Users, TrendingUp } from 'lucide-react'
|
import { Package, ShoppingCart, Users, TrendingUp } from 'lucide-react'
|
||||||
import { AdminRecentOrders } from '@/components/admin/recent-orders'
|
import { AdminRecentOrders } from '@/components/admin/recent-orders'
|
||||||
@@ -6,14 +7,15 @@ import { AdminRecentOrders } from '@/components/admin/recent-orders'
|
|||||||
// ─── KPI-Daten aus DB ────────────────────────────────────────────────────────
|
// ─── KPI-Daten aus DB ────────────────────────────────────────────────────────
|
||||||
async function getKpis() {
|
async function getKpis() {
|
||||||
const supabase = await createClient()
|
const supabase = await createClient()
|
||||||
|
const adminDb = createAdminClient()
|
||||||
|
|
||||||
const [
|
const [
|
||||||
{ data: orders },
|
{ data: orders },
|
||||||
{ count: userCount },
|
{ count: userCount },
|
||||||
{ count: productCount },
|
{ count: productCount },
|
||||||
] = await Promise.all([
|
] = await Promise.all([
|
||||||
supabase.from('orders').select('total_price, status'),
|
adminDb.from('orders').select('total_price, status'),
|
||||||
supabase.from('profiles').select('*', { count: 'exact', head: true }),
|
adminDb.from('profiles').select('*', { count: 'exact', head: true }),
|
||||||
supabase.from('products').select('*', { count: 'exact', head: true }),
|
supabase.from('products').select('*', { count: 'exact', head: true }),
|
||||||
])
|
])
|
||||||
|
|
||||||
|
|||||||
@@ -1,11 +1,12 @@
|
|||||||
import { createClient } from '@/lib/supabase/server'
|
import { createClient } from '@/lib/supabase/server'
|
||||||
|
import { createAdminClient } from '@/lib/supabase/admin'
|
||||||
import { NextResponse } from 'next/server'
|
import { NextResponse } from 'next/server'
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* GET /api/admin/recent-orders
|
* GET /api/admin/recent-orders
|
||||||
* Gibt die letzten 10 Bestellungen und Umsatzdaten der letzten 6 Monate zurück.
|
* Gibt die letzten 10 Bestellungen und Umsatzdaten der letzten 6 Monate zurück.
|
||||||
* Wird vom Admin-Dashboard alle 30 Sekunden gepollt.
|
* Wird vom Admin-Dashboard alle 30 Sekunden gepollt.
|
||||||
* Zugriff nur für authentifizierte User (Supabase Session).
|
* Zugriff nur für authentifizierte User mit Admin-Rolle (bypasses RLS).
|
||||||
*/
|
*/
|
||||||
export async function GET() {
|
export async function GET() {
|
||||||
const supabase = await createClient()
|
const supabase = await createClient()
|
||||||
@@ -16,8 +17,21 @@ export async function GET() {
|
|||||||
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
|
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Admin-Rolle prüfen
|
||||||
|
const { data: userData } = await supabase
|
||||||
|
.from('users')
|
||||||
|
.select('role')
|
||||||
|
.eq('id', user.id)
|
||||||
|
.single()
|
||||||
|
|
||||||
|
if (!userData || userData.role !== 'admin') {
|
||||||
|
return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
|
||||||
|
}
|
||||||
|
|
||||||
|
const adminDb = createAdminClient()
|
||||||
|
|
||||||
// 1. Letzte 10 Bestellungen laden
|
// 1. Letzte 10 Bestellungen laden
|
||||||
const { data: orders, error } = await supabase
|
const { data: orders, error } = await adminDb
|
||||||
.from('orders')
|
.from('orders')
|
||||||
.select('id, order_number, created_at, total_price, status, customer_data')
|
.select('id, order_number, created_at, total_price, status, customer_data')
|
||||||
.order('created_at', { ascending: false })
|
.order('created_at', { ascending: false })
|
||||||
@@ -33,7 +47,7 @@ export async function GET() {
|
|||||||
sixMonthsAgo.setDate(1)
|
sixMonthsAgo.setDate(1)
|
||||||
sixMonthsAgo.setHours(0, 0, 0, 0)
|
sixMonthsAgo.setHours(0, 0, 0, 0)
|
||||||
|
|
||||||
const { data: chartOrders, error: chartError } = await supabase
|
const { data: chartOrders, error: chartError } = await adminDb
|
||||||
.from('orders')
|
.from('orders')
|
||||||
.select('total_price, created_at')
|
.select('total_price, created_at')
|
||||||
.neq('status', 'cancelled')
|
.neq('status', 'cancelled')
|
||||||
|
|||||||
Reference in New Issue
Block a user