improvement(auth): remove /api/user/super-user route, use session role

Include user.role in customSession so it's available client-side.
Replace all useSuperUserStatus() calls with session.user.role === 'admin'.
Delete the now-redundant /api/user/super-user endpoint.

Author: waleedlatif1

apps/sim/app/_shell/providers/session-provider.tsx

@@ -13,6 +13,7 @@ export type AppSession = {
     emailVerified?: boolean
     name?: string | null
     image?: string | null
+    role?: string
     createdAt?: Date
     updatedAt?: Date
   } | null

apps/sim/app/api/user/super-user/route.ts

@@ -148,7 +148,7 @@ export default function TemplateDetails({ isWorkspaceContext = false }: Template
   const [currentUserOrgRoles, setCurrentUserOrgRoles] = useState<
     Array<{ organizationId: string; role: string }>
   >([])
-  const [isSuperUser, setIsSuperUser] = useState(false)
+  const isSuperUser = session?.user?.role === 'admin'
   const [isUsing, setIsUsing] = useState(false)
   const [isEditing, setIsEditing] = useState(false)
   const [isApproving, setIsApproving] = useState(false)
@@ -186,21 +186,6 @@ export default function TemplateDetails({ isWorkspaceContext = false }: Template
       }
     }
 
-    const fetchSuperUserStatus = async () => {
-      if (!currentUserId) return
-
-      try {
-        const response = await fetch('/api/user/super-user')
-        if (response.ok) {
-          const data = await response.json()
-          setIsSuperUser(data.isSuperUser || false)
-        }
-      } catch (error) {
-        logger.error('Error fetching super user status:', error)
-      }
-    }
-
-    fetchSuperUserStatus()
     fetchUserOrganizations()
   }, [currentUserId])
 

apps/sim/app/templates/[id]/template.tsx

@@ -20,7 +20,6 @@ import { prefetchWorkspaceCredentials } from '@/hooks/queries/credentials'
 import { prefetchGeneralSettings, useGeneralSettings } from '@/hooks/queries/general-settings'
 import { useOrganizations } from '@/hooks/queries/organization'
 import { prefetchSubscriptionData, useSubscriptionData } from '@/hooks/queries/subscription'
-import { useSuperUserStatus } from '@/hooks/queries/user-profile'
 import { usePermissionConfig } from '@/hooks/use-permission-config'
 import { useSettingsNavigation } from '@/hooks/use-settings-navigation'
 
@@ -49,7 +48,6 @@ export function SettingsSidebar({
     staleTime: 5 * 60 * 1000,
   })
   const { data: ssoProvidersData, isLoading: isLoadingSSO } = useSSOProviders()
-  const { data: superUserData } = useSuperUserStatus(session?.user?.id)
 
   const activeOrganization = organizationsData?.activeOrganization
   const { config: permissionConfig } = usePermissionConfig()
@@ -65,7 +63,7 @@ export function SettingsSidebar({
   const hasTeamPlan = subscriptionStatus.isTeam || subscriptionStatus.isEnterprise
   const hasEnterprisePlan = subscriptionStatus.isEnterprise
 
-  const isSuperUser = superUserData?.isSuperUser ?? false
+  const isSuperUser = session?.user?.role === 'admin'
 
   const isSSOProviderOwner = useMemo(() => {
     if (isHosted) return null

apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-sidebar/settings-sidebar.tsx

@@ -9,7 +9,6 @@ const logger = createLogger('UserProfileQuery')
 export const userProfileKeys = {
   all: ['userProfile'] as const,
   profile: () => [...userProfileKeys.all, 'profile'] as const,
-  superUser: (userId?: string) => [...userProfileKeys.all, 'superUser', userId ?? ''] as const,
 }
 
 /**
@@ -117,40 +116,6 @@ export function useUpdateUserProfile() {
   })
 }
 
-/**
- * Superuser status response type
- */
-interface SuperUserStatus {
-  isSuperUser: boolean
-}
-
-/**
- * Fetch superuser status from API
- */
-async function fetchSuperUserStatus(signal?: AbortSignal): Promise<SuperUserStatus> {
-  const response = await fetch('/api/user/super-user', { signal })
-
-  if (!response.ok) {
-    return { isSuperUser: false }
-  }
-
-  const data = await response.json()
-  return { isSuperUser: data.isSuperUser ?? false }
-}
-
-/**
- * Hook to fetch superuser status
- * @param userId - User ID for cache isolation (required for proper per-user caching)
- */
-export function useSuperUserStatus(userId?: string) {
-  return useQuery({
-    queryKey: userProfileKeys.superUser(userId),
-    queryFn: ({ signal }) => fetchSuperUserStatus(signal),
-    enabled: Boolean(userId),
-    staleTime: 5 * 60 * 1000, // 5 minutes - superuser status rarely changes
-  })
-}
-
 /**
  * Reset password mutation
  */

apps/sim/hooks/queries/user-profile.ts

@@ -649,7 +649,10 @@ export const auth = betterAuth({
       expiresIn: 24 * 60 * 60, // 24 hours - Socket.IO handles connection persistence with heartbeats
     }),
     customSession(async ({ user, session }) => ({
-      user,
+      user: {
+        ...user,
+        role: (user as unknown as { role?: string }).role ?? 'user',
+      },
       session,
     })),
     emailOTP({