Skip to main content
The admin login page is at /admin/login. It uses Supabase Auth with email OTP (magic link) — there are no passwords.

Signing in

  1. Enter your staff email address.
  2. Tap Send magic link.
  3. Check your inbox for an email from Supabase Auth.
  4. Click the link in the email — it redirects you to /admin and signs you in.
Magic links expire after 1 hour. If the link has expired, return to /admin/login and request a new one.

Access control

Only email addresses recognised by Supabase Auth can receive a working magic link. Submitting an unrecognised email will send an email that contains no valid session.

Owner vs staff roles

Access levels are controlled per outlet via the platform auth tables (profiles + user_module_roles):
RolePermissions
Owner (manager)Full access. Can create, edit, activate, deactivate, and delete slots and zones. Can manage day controls (block dates, sold-out slots, capacities). Can invite new staff.
StaffOperational access only. Can confirm/reject bookings, mark no-shows, block dates, mark slots sold out, and adjust capacities. Cannot modify slots or zones.

Auto-claim for owners

When an owner signs in for the first time, the system automatically creates their profile and manager role if their email is listed in the outlet’s owner_emails:
-- Pre-seed owner emails on the outlet
UPDATE res_outlets
SET owner_emails = ARRAY[
  'owner1@katha.coffee',
  'owner2@katha.coffee'
]
WHERE slug = 'katha-crafthouse';
No manual SQL required — the first login auto-claims the owner.

Inviting staff

Owners can invite new team members from Settings → Team:
  1. Enter the staff member’s email
  2. Select role: Staff or Manager
  3. Tap Invite
The invited user receives a magic link email. On first sign-in, their profile and module role are created automatically. API endpoint (for integrations):
POST /api/admin/invite
Authorization: Bearer <token>
Content-Type: application/json

{
  "email": "new@katha.coffee",
  "role": "staff"  // or "manager"
}

Manual setup (rarely needed)

If you need to add a user directly without the invite flow:
-- 1. Create profile (id must match auth.users.id)
INSERT INTO profiles (id, tenant_id, email, role)
VALUES (
  'auth-user-uuid-from-supabase',
  (SELECT id FROM tenants WHERE slug = 'katha'),
  'staff@kathacrafthouse.com',
  'outlet_staff'
);

-- 2. Grant reservations role for the outlet
INSERT INTO user_module_roles (profile_id, outlet_id, module, role)
VALUES (
  'auth-user-uuid-from-supabase',
  (SELECT id FROM res_outlets WHERE slug = 'katha-crafthouse'),
  'reservations',
  'staff'  -- or 'manager'
);

Session behaviour

Once signed in, your session is kept alive automatically by Supabase Auth. You are redirected to /admin/login if your session expires or if you sign out from the dashboard or settings page. The dashboard and settings pages redirect to /admin/login immediately if no active session is detected on load.