Revert "Unify workspace dropdowns; Update layouts (#458)"

This reverts commit 4bc8448a1d.
2026-03-11 14:47:47 +08:00
parent 4bc8448a1d
commit 4912e402a3
530 changed files with 11182 additions and 14382 deletions
--- a/apps/web/app/admin/AGENTS.md
+++ b/apps/web/app/admin/AGENTS.md
@@ -0,0 +1,56 @@
+# Super Admin
+
+## Critical Security Rules
+
+- **ALWAYS** use `AdminGuard` to protect pages
+- **ALWAYS** validate admin status before operations
+- **NEVER** bypass authentication or authorization
+- **ALWAYS** audit admin operations with logging
+- **ALWAYS** use `adminAction` to wrap admin actions @packages/features/admin/src/lib/server/utils/admin-action.ts
+
+## Page Structure
+
+```typescript
+import { AdminGuard } from '@kit/admin/components/admin-guard';
+import { PageBody, PageHeader } from '@kit/ui/page';
+
+async function AdminPage() {
+  return (
+    <>
+      <PageHeader title="Admin" />
+      <PageBody>{/* Content */}</PageBody>
+    </>
+  );
+}
+
+export default AdminGuard(AdminPage);
+```
+
+## Admin Client Usage
+
+```typescript
+import { isSuperAdmin } from '@kit/admin';
+import { getSupabaseServerAdminClient } from '@kit/supabase/server-admin-client';
+
+async function adminOperation() {
+  // CRITICAL: Validate first - admin client bypasses RLS
+  if (!(await isSuperAdmin(currentUser))) {
+    throw new Error('Unauthorized');
+  }
+
+  const adminClient = getSupabaseServerAdminClient();
+  // Safe to proceed
+}
+```
+
+## Audit Logging
+
+```typescript
+const logger = await getLogger();
+logger.info({
+  name: 'admin-audit',
+  action: 'delete-user',
+  adminId: currentUser.id,
+  targetId: userId,
+}, 'Admin action performed');
+```