Admin Login
Passwordless magic-link sign-in for restaurant staff.
The admin login page is at /admin/login. It uses Supabase Auth with
email OTP (magic link) — there are no passwords.
Signing in
- Enter your staff email address.
- Tap Send magic link.
- Check your inbox for an email from Supabase Auth.
- Click the link in the email — it redirects you to
/adminand signs you in.
Magic links expire after 1 hour. If the link has expired, return to /admin/login
and request a new one.
Access control
Only email addresses recognised by Supabase Auth can receive a working magic link. Submitting an unrecognised email will send an email that contains no valid session.
Owner vs staff roles
Access levels are controlled per outlet via the platform auth tables (profiles +
user_module_roles):
| Role | Permissions |
|---|---|
| Owner (manager) | Full access. Can create, edit, activate, deactivate, and delete slots and zones. Can manage day controls (block dates, sold-out slots, capacities). Can invite new staff. |
| Staff | Operational access only. Can confirm/reject bookings, mark no-shows, block dates, mark slots sold out, and adjust capacities. Cannot modify slots or zones. |
Auto-claim for owners
When an owner signs in for the first time, the system automatically creates their
profile and manager role if their email is listed in the outlet’s owner_emails:
-- Pre-seed owner emails on the outlet
UPDATE res_outlets
SET owner_emails = ARRAY[
'owner1@katha.coffee',
'owner2@katha.coffee'
]
WHERE slug = 'katha-crafthouse';
No manual SQL required — the first login auto-claims the owner.
Inviting staff
Owners can invite new team members from Settings → Team:
- Enter the staff member’s email
- Select role: Staff or Manager
- Tap Invite
The invited user receives a magic link email. On first sign-in, their profile and module role are created automatically.
API endpoint (for integrations):
POST /api/admin/invite
Authorization: Bearer <token>
Content-Type: application/json
{
"email": "new@katha.coffee",
"role": "staff" // or "manager"
}
Manual setup (rarely needed)
If you need to add a user directly without the invite flow:
-- 1. Create profile (id must match auth.users.id)
INSERT INTO profiles (id, tenant_id, email, role)
VALUES (
'auth-user-uuid-from-supabase',
(SELECT id FROM tenants WHERE slug = 'katha'),
'staff@kathacrafthouse.com',
'outlet_staff'
);
-- 2. Grant reservations role for the outlet
INSERT INTO user_module_roles (profile_id, outlet_id, module, role)
VALUES (
'auth-user-uuid-from-supabase',
(SELECT id FROM res_outlets WHERE slug = 'katha-crafthouse'),
'reservations',
'staff' -- or 'manager'
);
Session behaviour
Once signed in, your session is kept alive automatically by Supabase Auth. You are
redirected to /admin/login if your session expires or if you sign out from the
dashboard or settings page.
The dashboard and settings pages redirect to /admin/login immediately if no active
session is detected on load.