fix: move admin permission check to server-side to prevent flash (calcom#23517)

eunjae-lee · devin-ai-integration[bot] · web-flow · commit 34d2a130805e · 2025-09-10T11:15:37.000+01:00
- Move permission validation from AdminLayoutAppDirClient.tsx (client) to layout.tsx (server)
- Add server-side redirect using next/navigation redirect() function
- Remove client-side useEffect permission check to eliminate flash
- Follow same pattern as organizations layout for consistent auth handling
- Users without admin role are redirected to /settings/my-account/profile before any content renders

Co-authored-by: Devin AI &lt;158243242+devin-ai-integration[bot]@users.noreply.github.com&gt;
diff --git a/apps/web/app/(use-page-wrapper)/settings/(admin-layout)/AdminLayoutAppDirClient.tsx b/apps/web/app/(use-page-wrapper)/settings/(admin-layout)/AdminLayoutAppDirClient.tsx
@@ -1,11 +1,11 @@
 "use client";
 
-import { usePathname, useRouter } from "next/navigation";
+import { usePathname } from "next/navigation";
 import type { ComponentProps } from "react";
-import React, { useEffect } from "react";
+import React from "react";
 
 import type Shell from "@calcom/features/shell/Shell";
-import { UserPermissionRole } from "@calcom/prisma/enums";
+import type { UserPermissionRole } from "@calcom/prisma/enums";
 import { ErrorBoundary } from "@calcom/ui/components/errorBoundary";
 
 export type AdminLayoutProps = {
@@ -14,14 +14,6 @@ export type AdminLayoutProps = {
 } & ComponentProps<typeof Shell>;
 export default function AdminLayoutAppDirClient({ userRole, children }: AdminLayoutProps) {
   const pathname = usePathname();
-  const router = useRouter();
-
-  // Force redirect on component level
-  useEffect(() => {
-    if (userRole !== UserPermissionRole.ADMIN) {
-      router.replace("/settings/my-account/profile");
-    }
-  }, [userRole, router]);
 
   const isAppsPage = pathname?.startsWith("/settings/admin/apps");
   return (
diff --git a/apps/web/app/(use-page-wrapper)/settings/(admin-layout)/layout.tsx b/apps/web/app/(use-page-wrapper)/settings/(admin-layout)/layout.tsx
@@ -1,7 +1,9 @@
 import { cookies, headers } from "next/headers";
+import { redirect } from "next/navigation";
 import React from "react";
 
 import { getServerSession } from "@calcom/features/auth/lib/getServerSession";
+import { UserPermissionRole } from "@calcom/prisma/enums";
 
 import { buildLegacyRequest } from "@lib/buildLegacyCtx";
 
@@ -15,5 +17,9 @@ export default async function AdminLayoutAppDir(props: AdminLayoutAppDirProps) {
   const session = await getServerSession({ req: buildLegacyRequest(await headers(), await cookies()) });
   const userRole = session?.user?.role;
 
+  if (userRole !== UserPermissionRole.ADMIN) {
+    return redirect("/settings/my-account/profile");
+  }
+
   return await SettingsLayoutAppDir({ children: <AdminLayoutAppDirClient {...props} userRole={userRole} /> });
 }
