Severity
Intermediate
Affected File & Line Number Range
src/components/admin/AdminDashboard.tsx (Line 45)
Detailed Description
The email address for the super administrator is hardcoded to a static string:
const SUPER_ADMIN_EMAIL = "admin@devpath.com";
This directly conflicts with the dynamic environment configuration variable process.env.NEXT_PUBLIC_SUPER_ADMIN_EMAIL used on the ap/page.tsx login page. Under a custom deployment (where the super admin email is changed), the dashboard controls will fail to identify the admin user correctly. This blocks critical features or lets admins demote/delete themselves by accident.
Steps to Reproduce
- Deploy the site with NEXT_PUBLIC_SUPER_ADMIN_EMAIL set to a custom address.
- Sign in as the super admin.
- View the Admin Dashboard.
- Try to manage other admins, or notice that the application fails to protect your own account because the dashboard checks against admin@devpath.com.
Proposed Solution
Refactor AdminDashboard.tsx to retrieve the super admin email from the global environment variable:
const SUPER_ADMIN_EMAIL = process.env.NEXT_PUBLIC_SUPER_ADMIN_EMAIL;
Ensure fallback variables are set uniformly across all component files.
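One way to implement the proposed fix, as an added example (not code from the project): a single helper that both the login page and the dashboard could import, so the fallback lives in one place. The helper names, the `canModifyAdmin` rule and the sample addresses are assumptions for illustration.

```typescript
// Added example. Helper names and the guard rule are assumptions, not project code.
type Env = Record<string, string | undefined>;

// Single fallback, matching the value currently hardcoded in AdminDashboard.tsx.
const DEFAULT_SUPER_ADMIN_EMAIL = "admin@devpath.com";

// Compare addresses case-insensitively and ignore stray whitespace from .env files.
function normalizeEmail(email: string | null | undefined): string {
  return (email ?? "").trim().toLowerCase();
}

// In the app, pass the variable by its literal name so Next.js can inline it:
//   resolveSuperAdminEmail({ NEXT_PUBLIC_SUPER_ADMIN_EMAIL: process.env.NEXT_PUBLIC_SUPER_ADMIN_EMAIL })
function resolveSuperAdminEmail(env: Env): string {
  const configured = normalizeEmail(env["NEXT_PUBLIC_SUPER_ADMIN_EMAIL"]);
  return configured !== "" ? configured : DEFAULT_SUPER_ADMIN_EMAIL;
}

function isSuperAdmin(email: string | null | undefined, env: Env): boolean {
  const candidate = normalizeEmail(email);
  return candidate !== "" && candidate === resolveSuperAdminEmail(env);
}

// Hypothetical dashboard guard: only the super admin manages admins, and the
// super admin account itself can never be demoted or deleted.
// NEXT_PUBLIC_ values ship in the browser bundle, so this only drives the UI;
// the server must repeat the check before changing any account.
function canModifyAdmin(actor: string, target: string, env: Env): { allowed: boolean; reason: string } {
  if (!isSuperAdmin(actor, env)) return { allowed: false, reason: "actor is not the super admin" };
  if (isSuperAdmin(target, env)) return { allowed: false, reason: "super admin account is protected" };
  return { allowed: true, reason: "ok" };
}

// Constructed sample deployment with a custom super admin address.
const sampleEnv: Env = { NEXT_PUBLIC_SUPER_ADMIN_EMAIL: " Owner@Example.org " };
console.log(canModifyAdmin("owner@example.org", "owner@example.org", sampleEnv));
console.log(canModifyAdmin("owner@example.org", "editor@example.org", sampleEnv));
console.log(canModifyAdmin("admin@devpath.com", "editor@example.org", sampleEnv));
```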