From 4d0ee8e578c1c838666fb8ccdfef6f20f70dfea6 Mon Sep 17 00:00:00 2001
From: Gustavo Henrique Santos Souza de Miranda
Date: Wed, 21 Jan 2026 04:25:56 -0300
Subject: [PATCH] chore: mark US-016 as complete and update progress log

Co-Authored-By: Claude Opus 4.5
---
 prd.json | 2 +-
 progress.txt | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/prd.json b/prd.json
index dcc6a63..b7f6d9c 100644
--- a/prd.json
+++ b/prd.json
@@ -280,7 +280,7 @@
 "Verify in browser using dev-browser skill"
 ],
 "priority": 16,
- "passes": false,
+ "passes": true,
 "notes": ""
 },
 {
diff --git a/progress.txt b/progress.txt
index 5deaa6b..0e6b6b9 100644
--- a/progress.txt
+++ b/progress.txt
@@ -15,6 +15,8 @@
 - Auth pages use 'use client' with useState, createClient() from lib/supabase/client.ts, and useRouter for redirects
 - For lists with client-side updates (delete/add), use wrapper client component that receives initialData from server component
 - Toast component in `src/components/Toast.tsx` for success/error notifications (auto-dismiss after 3s)
+- Admin operations use SUPABASE_SERVICE_ROLE_KEY (server-side only via server actions)
+- Admin users have is_admin=true in profiles table; check via .select('is_admin').eq('id', user.id).single()
 ---
@@ -239,3 +241,22 @@
 - Trim whitespace from input value before validation and submission
 - handleRename callback updates project name in state using map() to preserve list order
 ---
+
+## 2026-01-21 - US-016
+- What was implemented: Admin invite user functionality
+- Files changed:
+ - src/app/admin/invite/page.tsx - new admin-only page with access check (redirects non-admins)
+ - src/app/admin/invite/InviteForm.tsx - client component with invite form and state management
+ - src/app/admin/invite/actions.ts - server action using service role key to call inviteUserByEmail
+ - src/components/Navbar.tsx - added isAdmin prop and "Invite User" link (visible only to admins)
+ - src/app/dashboard/layout.tsx - fetches profile.is_admin and passes it to Navbar
+ - .env.example - added SUPABASE_SERVICE_ROLE_KEY and NEXT_PUBLIC_SITE_URL
+- **Learnings for future iterations:**
+ - Admin operations require SUPABASE_SERVICE_ROLE_KEY (server-side only, not NEXT_PUBLIC_*)
+ - Use createClient from @supabase/supabase-js directly for admin client (not @supabase/ssr)
+ - Admin client needs auth config: { autoRefreshToken: false, persistSession: false }
+ - inviteUserByEmail requires redirectTo option for the signup link in email
+ - Server actions ('use server') can access private env vars safely
+ - Admin check should happen both in server component (redirect) and server action (double check)
+ - Admin page uses its own layout (not dashboard layout) to have custom styling
+---