Skip to content

restrict admin users#432

Merged
michelleyeoh merged 6 commits intomainfrom
restrict-admin-page
May 5, 2026
Merged

restrict admin users#432
michelleyeoh merged 6 commits intomainfrom
restrict-admin-page

Conversation

@michelleyeoh
Copy link
Copy Markdown
Contributor

@michelleyeoh michelleyeoh commented Mar 9, 2026

No description provided.

@michelleyeoh michelleyeoh linked an issue Mar 9, 2026 that may be closed by this pull request
restrict admin users #431
Closed
@michelleyeoh michelleyeoh marked this pull request as draft March 9, 2026 04:08
@michelleyeoh michelleyeoh marked this pull request as ready for review May 5, 2026 05:55
@michelleyeoh michelleyeoh requested a review from Copilot May 5, 2026 05:55
Copilot AI reviewed May 5, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR tightens access control for the admin panel by introducing an email allow-list, driven by a HUB_ADMIN_EMAIL environment variable, in addition to existing role-based gating.

Changes:

  • Add allowedUsers support to ProtectedDisplay and enforce an allow-list check against user.email.
  • Restrict the admin layout by passing allowedUsers derived from process.env.HUB_ADMIN_EMAIL.
  • Sync HUB_ADMIN_EMAIL into Vercel environment variables via the staging/production GitHub workflows.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File Description
app/(pages)/admin/layout.tsx Reads HUB_ADMIN_EMAIL and passes it as an allow-list to the admin ProtectedDisplay.
app/(pages)/_components/ProtectedDisplay/ProtectedDisplay.tsx Adds optional allowedUsers filtering and redirects when the active user’s email isn’t allow-listed.
.github/workflows/staging.yaml Adds HUB_ADMIN_EMAIL to the set of secrets synced into Vercel env vars.
.github/workflows/production.yaml Adds HUB_ADMIN_EMAIL to the set of secrets synced into Vercel env vars.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread app/(pages)/_components/ProtectedDisplay/ProtectedDisplay.tsx Outdated
Comment thread app/(pages)/_components/ProtectedDisplay/ProtectedDisplay.tsx Outdated
Comment thread app/(pages)/admin/layout.tsx
@michelleyeoh michelleyeoh requested a review from Copilot May 5, 2026 06:13
Copilot AI reviewed May 5, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 5 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread app/(pages)/admin/layout.tsx
Comment thread app/(pages)/_components/ProtectedDisplay/ProtectedDisplay.tsx Outdated
Comment thread app/(pages)/admin/layout.tsx
Comment thread .github/workflows/staging.yaml
Comment thread .github/workflows/production.yaml
@michelleyeoh
hard check on admin email
e29c062 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
@michelleyeoh michelleyeoh merged commit 0a9fc5d into main May 5, 2026
2 checks passed
@michelleyeoh michelleyeoh deleted the restrict-admin-page branch May 5, 2026 06:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

restrict admin users

2 participants

@michelleyeoh