feature: add support for viewing, adding and removing system admins#1062
feature: add support for viewing, adding and removing system admins#1062evanrbowers merged 3 commits intomainfrom
Conversation
|
This pull request is automatically being deployed by Amplify Hosting (learn more). |
|
@codex review |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 52b26d45cb
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| break | ||
| } | ||
| } | ||
| const result = await graphQLAdminUsers({ from: 0, size: 100 }, filters, 'email') |
There was a problem hiding this comment.
The admins list always calls graphQLAdminUsers({ from: 0, size: 100 }, ...) and never follows hasMore/total, so tenants with more than 100 admins will silently lose visibility of everyone past the first page. In that scenario admins beyond index 100 cannot be discovered from the list UI (and therefore are effectively unmanaged unless the operator already knows exact identifiers to search).
Useful? React with 👍 / 👎.
| if (result !== 'ERROR' && result?.data?.data?.admin?.users?.items?.[0]) { | ||
| setAdmin(result.data.data.admin.users.items[0]) |
There was a problem hiding this comment.
fetchAdmin accepts any user returned for adminId and stores it without checking user.admin, but this page always renders “System Admin” and admin-only actions. If someone navigates directly to /admin/admins/<non-admin-id>, the UI misclassifies that account as an admin and offers incorrect actions, so the detail view should reject non-admin records before rendering.
Useful? React with 👍 / 👎.
| history.push('/admin/admins') | ||
| onAdminRemoved?.() | ||
| window.dispatchEvent(new Event('refreshAdminData')) |
There was a problem hiding this comment.
After successful demotion this flow only redirects and emits refreshAdminData, but it never invalidates/refetches adminUsers state. Because adminUsers.fetchUserDetail returns cached entries first and the users page only fetches when empty, previously cached data can continue to show the demoted account as admin until a manual refresh, creating inconsistent admin status across pages.
Useful? React with 👍 / 👎.
2 participants
Changes