ui/src/auth/RequireAdmin.tsx

import { Navigate, Outlet } from 'react-router';
import { useAuthStore, useIsAdmin } from './auth-store';

/**
 * Route guard for admin pages.
 *
 * Redirects non-admin users to '/'.  The guard is intentionally lenient when
 * the user is authenticated but their roles array is transiently empty (e.g.
 * during a token refresh).  In that case we render nothing rather than
 * navigating away — the refresh will restore the roles within milliseconds and
 * avoid losing unsaved form state on admin pages.
 */
export function RequireAdmin() {
  const isAdmin = useIsAdmin();
  const roles = useAuthStore((s) => s.roles);
  const isAuthenticated = useAuthStore((s) => s.isAuthenticated);

  // Authenticated but roles not yet populated (token refresh in progress) —
  // render nothing and wait rather than redirecting.
  if (isAuthenticated && roles.length === 0) return null;

  if (!isAdmin) return <Navigate to="/" replace />;
  return <Outlet />;
}
feat: role-based UI access control - Hide Admin sidebar section for non-ADMIN users - Add RequireAdmin route guard — /admin/* redirects to / for non-admin - Move App Config from admin section to main Config tab (per-app, visible when app selected). VIEWER sees read-only, OPERATOR+ can edit - Hide diagram node toolbar for VIEWER (onNodeAction conditional) - Add useIsAdmin/useCanControl helpers to centralize role checks - Remove App Config from admin sidebar tree Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-06 15:51:15 +02:00			`import { Navigate, Outlet } from 'react-router';`
fix: prevent admin page redirect during token refresh adminFetch called logout() directly on 401/403 responses, which cleared roles and caused RequireAdmin to redirect to /exchanges while users were editing forms. Now adminFetch attempts a token refresh before failing, and RequireAdmin tolerates a transient empty-roles state during refresh. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-09 18:28:45 +02:00			`import { useAuthStore, useIsAdmin } from './auth-store';`
feat: role-based UI access control - Hide Admin sidebar section for non-ADMIN users - Add RequireAdmin route guard — /admin/* redirects to / for non-admin - Move App Config from admin section to main Config tab (per-app, visible when app selected). VIEWER sees read-only, OPERATOR+ can edit - Hide diagram node toolbar for VIEWER (onNodeAction conditional) - Add useIsAdmin/useCanControl helpers to centralize role checks - Remove App Config from admin sidebar tree Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-06 15:51:15 +02:00
fix: prevent admin page redirect during token refresh adminFetch called logout() directly on 401/403 responses, which cleared roles and caused RequireAdmin to redirect to /exchanges while users were editing forms. Now adminFetch attempts a token refresh before failing, and RequireAdmin tolerates a transient empty-roles state during refresh. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-09 18:28:45 +02:00			`/**`
			`* Route guard for admin pages.`
			`*`
			`* Redirects non-admin users to '/'. The guard is intentionally lenient when`
			`* the user is authenticated but their roles array is transiently empty (e.g.`
			`* during a token refresh). In that case we render nothing rather than`
			`* navigating away — the refresh will restore the roles within milliseconds and`
			`* avoid losing unsaved form state on admin pages.`
			`*/`
feat: role-based UI access control - Hide Admin sidebar section for non-ADMIN users - Add RequireAdmin route guard — /admin/* redirects to / for non-admin - Move App Config from admin section to main Config tab (per-app, visible when app selected). VIEWER sees read-only, OPERATOR+ can edit - Hide diagram node toolbar for VIEWER (onNodeAction conditional) - Add useIsAdmin/useCanControl helpers to centralize role checks - Remove App Config from admin sidebar tree Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-06 15:51:15 +02:00			`export function RequireAdmin() {`
			`const isAdmin = useIsAdmin();`
fix: prevent admin page redirect during token refresh adminFetch called logout() directly on 401/403 responses, which cleared roles and caused RequireAdmin to redirect to /exchanges while users were editing forms. Now adminFetch attempts a token refresh before failing, and RequireAdmin tolerates a transient empty-roles state during refresh. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-09 18:28:45 +02:00			`const roles = useAuthStore((s) => s.roles);`
			`const isAuthenticated = useAuthStore((s) => s.isAuthenticated);`

			`// Authenticated but roles not yet populated (token refresh in progress) —`
			`// render nothing and wait rather than redirecting.`
			`if (isAuthenticated && roles.length === 0) return null;`

feat: role-based UI access control - Hide Admin sidebar section for non-ADMIN users - Add RequireAdmin route guard — /admin/* redirects to / for non-admin - Move App Config from admin section to main Config tab (per-app, visible when app selected). VIEWER sees read-only, OPERATOR+ can edit - Hide diagram node toolbar for VIEWER (onNodeAction conditional) - Add useIsAdmin/useCanControl helpers to centralize role checks - Remove App Config from admin sidebar tree Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-06 15:51:15 +02:00			`if (!isAdmin) return <Navigate to="/" replace />;`
			`return <Outlet />;`
			`}`