enforce admin role by reading user role instead of hardcoding

2025-11-19 18:06:24 +01:00
parent bc3e28d5ab
commit 7ae51ad034
11 changed files with 63 additions and 5 deletions
--- a/src/lib/auth.ts
+++ b/src/lib/auth.ts
@@ -78,7 +78,7 @@ export const { handlers, signIn, signOut, auth } = NextAuth({
      if (user) {
        token.id = user.id;
        token.email = user.email;
-        token.role = "admin";
+        token.role = user.role ?? "user";
      }
      return token;
    },