ShopySeed

Admin Dashboard

Super Admin dashboard for managing users, organizations, and platform-wide settings in ShopySeed.


ShopySeed includes a Super Admin dashboard accessible at /dashboard/admin for platform-wide management.

Access Control

The admin dashboard is restricted to users with the isSuperAdmin flag set to true in the database. Regular users cannot see or access admin routes.

Setting Up a Super Admin

Update the user directly in the database:

UPDATE "User" SET "isSuperAdmin" = true WHERE email = 'admin@example.com';

Or via the Prisma seed file (apps/api/prisma/seed.ts):

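// Excerpt from seed.ts: assumes `prisma` (a PrismaClient instance) and `bcrypt`
// are already imported in the file.
// Idempotent: promotes the user if the email exists, otherwise creates it.
await prisma.user.upsert({
  where: { email: 'admin@example.com' },
  update: { isSuperAdmin: true },
  create: {
    email: 'admin@example.com',
    // 'password' is a placeholder: use a strong, unique value for any non-local database.
    passwordHash: await bcrypt.hash('password', 10),
    name: 'Admin',
    isSuperAdmin: true,
    emailVerified: true,
  },
});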

Features

User Management

  • List all users with pagination and search
  • View user details: email, name, verification status, creation date
  • Edit users: update name, toggle email verification, toggle super admin
  • Delete users: permanently remove a user account

Organization Management

  • List all organizations with member count and subscription info
  • View organization details: name, slug, member list, current plan
  • Subscription overview: plan, status, period dates

Platform Statistics

  • Total users count
  • Total organizations count
  • Subscription distribution by plan (free/pro/enterprise)
  • Growth metrics

API Endpoints

All admin endpoints require the isSuperAdmin flag and use the SuperAdminGuard:

| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | /admin/users | List all users (paginated) |
| GET | /admin/users/:id | Get user details |
| PATCH | /admin/users/:id | Update user |
| DELETE | /admin/users/:id | Delete user |
| GET | /admin/organizations | List all organizations |
| GET | /admin/organizations/:id | Get organization details |
| GET | /admin/stats | Platform statistics |

Route Protection

The admin route is protected on both sides:

Backend: SuperAdminGuard checks req.user.isSuperAdmin before processing any admin endpoint.

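Frontend: The admin page checks user.isSuperAdmin from the auth context. If the user is not a super admin, they are redirected to the dashboard. This redirect only controls what the browser shows; the backend guard is what enforces access, because API requests can be sent without loading the page.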

// Frontend route guard
if (!user?.isSuperAdmin) {
  router.push('/dashboard');
  return null;
}
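The backend half of this protection, as an added example that is not ShopySeed's own code: a framework-free, deny-by-default super-admin check wrapped around a stand-in for DELETE /admin/users/:id and run against constructed requests sent directly to the API. All type and function names here are hypothetical.

```typescript
// Added example, not ShopySeed source: all type and function names are hypothetical.
type AuthUser = { id: string; isSuperAdmin?: unknown };
type AdminRequest = { method: string; path: string; user?: AuthUser | null };
type AdminResponse = { status: number; body: string };
type RouteHandler = (req: AdminRequest) => AdminResponse;

// Deny by default: only the boolean `true` passes, so a missing flag,
// null, or a truthy string such as "true" is rejected.
function isSuperAdmin(user: AuthUser | null | undefined): boolean {
  return !!user && user.isSuperAdmin === true;
}

// Wraps a handler so the check runs before any admin logic executes.
function withSuperAdminGuard(handler: RouteHandler): RouteHandler {
  return (req: AdminRequest): AdminResponse => {
    if (!req.user) return { status: 401, body: 'Unauthorized' };
    if (!isSuperAdmin(req.user)) return { status: 403, body: 'Forbidden' };
    return handler(req);
  };
}

// Constructed stand-in for DELETE /admin/users/:id; records what it deleted.
const deletedIds: string[] = [];
const deleteUser: RouteHandler = withSuperAdminGuard((req: AdminRequest) => {
  const id = req.path.split('/').pop() ?? '';
  deletedIds.push(id);
  return { status: 200, body: `deleted ${id}` };
});

// Constructed requests, as if sent straight to the API without loading the frontend.
function runSamples(): number[] {
  const path = '/admin/users/42';
  const samples: AdminRequest[] = [
    { method: 'DELETE', path },                                           // no session
    { method: 'DELETE', path, user: { id: 'u1' } },                       // flag missing
    { method: 'DELETE', path, user: { id: 'u2', isSuperAdmin: false } },  // regular user
    { method: 'DELETE', path, user: { id: 'u3', isSuperAdmin: 'true' } }, // wrong type
    { method: 'DELETE', path, user: { id: 'u4', isSuperAdmin: true } },   // super admin
  ];
  return samples.map((req) => deleteUser(req).status);
}
```

Only the last request reaches the handler; the other four are rejected before any deletion logic runs, regardless of what the frontend would have displayed.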
