Not every user is equal

Your notes app has real users. Sign up, log in, and user-scoped notes all work. But every user is equal. Alice can't see Bob's notes, and Bob can't see Alice's. That's the point of user-scoped data.

But what if you need to see everything? What if you need to know how many users signed up or what notes they created, or to delete something inappropriate? Right now, the only way to check is to open the database directly.

You need an admin — a user who can see all data and take actions that regular users can't.

Member vs admin

The idea is simple: two experiences in one app. Regular users (members) see only their own data at /app. Admins see everything at /admin — all users, all notes, and controls to manage them.

Same login flow. Same app. Different access based on one field in the database.

The approach

You won't build a separate admin app or install a library. You'll:

  1. Add a role column to the users table — null means member, 'admin' means admin
  2. Create a seed script to promote a user to admin
  3. Build a requireAdminFromCookie helper that gates routes and actions
  4. Add an /admin route tree with its own layout and pages
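To make steps 1 and 3 concrete, here is an added example (not the course's own code) of what a `requireAdminFromCookie` helper looks like when the role column is the only thing that separates members from admins. It assumes a cookie named `session`, an in-memory session store and constructed sample rows in place of the real database, and a hypothetical `adminDeleteNote` action to show the server-side guard in use.

```typescript
type Role = 'admin' | null;
interface User { id: number; email: string; role: Role; }
interface Note { id: number; userId: number; body: string; }
// Constructed sample rows standing in for the users and notes tables.
const users: User[] = [
  { id: 1, email: 'alice@example.com', role: 'admin' },
  { id: 2, email: 'bob@example.com', role: null },  // null role = member
];
let notes: Note[] = [
  { id: 10, userId: 1, body: 'alice note' },
  { id: 11, userId: 2, body: 'bob note' },
];
// Constructed session store: opaque session id -> user id. A real app backs
// this with the database or a signed cookie; the gate logic is unchanged.
const sessions = new Map<string, number>([['sess-alice', 1], ['sess-bob', 2]]);

export class Forbidden extends Error {}

// Pull one cookie out of a raw Cookie header (assumed cookie name: "session").
export function readCookie(header: string | null, name: string): string | null {
  if (!header) return null;
  for (const part of header.split(';')) {
    const [k, ...rest] = part.trim().split('=');
    if (k === name) return decodeURIComponent(rest.join('='));
  }
  return null;
}
// Resolve the logged-in user from the cookie; null for anonymous requests.
export function userFromCookie(header: string | null): User | null {
  const sid = readCookie(header, 'session');
  const uid = sid === null ? undefined : sessions.get(sid);
  return users.find(u => u.id === uid) ?? null;
}

// The gate: only role === 'admin' passes. Members (role null) and anonymous
// requests are both refused, so there is no separate "logged in" check to forget.
export function requireAdminFromCookie(header: string | null): User {
  const user = userFromCookie(header);
  if (!user || user.role !== 'admin') throw new Forbidden('admin only');
  return user;
}

// Admin action (hypothetical): the guard runs server-side on every call, so a
// member who hand-crafts the request, skipping the UI confirmation, is refused.
export function adminDeleteNote(header: string | null, noteId: number): number {
  requireAdminFromCookie(header);
  notes = notes.filter(n => n.id !== noteId);
  return notes.length;  // rows remaining
}
```

The same helper gates both the `/admin` pages and the actions behind them, so the UI hiding a button is never what protects the data.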

Here's the plan

  1. Add roles to users — Schema change, migration, seed script, and access helper
  2. Build the admin view — A dashboard showing all users and all notes
  3. Add admin actions — Delete any note, with confirmation and server-side guards
  4. Wrap up — Test both views and save your progress

By the end, you'll log in as a member and see only your data, then switch to an admin account and see everything. Let's start with the role column.