backend/handlers/api_admin.go

@@ -114,14 +114,14 @@ func (app *App) HandleAdminDeleteOrder(w http.ResponseWriter, r *http.Request) {
 }
 
 func (app *App) HandleGetUsers(w http.ResponseWriter, r *http.Request) {
-	rows, err := app.DB.Query("SELECT id, username, role FROM users ORDER BY id")
+	rows, err := app.DB.Query("SELECT id, username, role FROM users WHERE username != 'superadmin' ORDER BY id")
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
 	defer rows.Close()
 
-	var users []map[string]any
+	users := make([]map[string]any, 0)
 	for rows.Next() {
 		var id, role int
 		var username string

feedmee/src/app/admin/page.tsx

@@ -71,9 +71,14 @@ export default function AdminPage() {
     fetch(`${API_URL}/api/me`, {
       headers: { Authorization: `Bearer ${token}` },
     })
-      .then((res) => res.json())
+      .then((res) => {
-      .then((data) => {
+        console.log(res);
-        if (!data.role || data.role > 1) {
+        return res.json();
+      })
+      .then((data: { role?: number; username?: string }) => {
+        if (data.role == undefined || data.role > 1) {
+          console.log(data);
+          console.log("Not admin, redirecting");
           router.push("/landing");
         }
       })