Module · Branches & Multi-Tenancy

The piece that makes one codebase serve any number of schools or campuses. Branch CRUD, super-admin switcher, and the RLS audit.

The branches module is small but central. Plan ~4 hours.

If you've followed along correctly, multi-tenancy is already working — every table you built has branch_id and RLS scoped to it. This module is just the explicit UI for managing branches and a cross-branch view for super admins.

1. Branch CRUD (Super Admin Only)

/admin/branches — list, add, edit, archive.

The list is straightforward. The form has these fields:

const BranchSchema = z.object({
  name:       z.string().min(2),
  city:       z.string().min(2),
  state:      z.string().optional(),
  address:    z.string().min(5),
  phone:      z.string().regex(/^[6-9]\d{9}$/),
  email:      z.string().email(),
  established_year: z.number().int().min(1900).max(new Date().getFullYear()),
})

Note: only super admins should see this menu item. Use both a UI check and an RLS policy:

create policy "branches_insert_super_only" on public.branches
  for insert with check (public.is_super_admin());
 
create policy "branches_update_super_only" on public.branches
  for update using (public.is_super_admin());

The UI check hides the menu; the RLS check is the real enforcement.

2. Branch Statistics Dashboard

The super admin wants a snapshot of each branch. One RPC, one round-trip:

create or replace function public.branch_summary()
returns table (
  branch_id        uuid,
  branch_name      text,
  city             text,
  total_students   bigint,
  total_teachers   bigint,
  pending_fees     numeric,
  fees_paid_mtd    numeric,  -- Month-to-date
  attendance_pct_mtd numeric
)
language sql
stable
security invoker
as $$
  select
    b.id,
    b.name,
    b.city,
    count(distinct s.id) filter (where s.deleted_at is null),
    count(distinct t.id),
    coalesce(sum(fp.amount) filter (where fp.status = 'pending'), 0),
    coalesce(sum(fp.amount) filter (where fp.status = 'completed' and fp.paid_at >= date_trunc('month', now())), 0),
    round(
      100.0 * count(a.id) filter (where a.status = 'present' and a.date >= date_trunc('month', now()))
      / nullif(count(a.id) filter (where a.date >= date_trunc('month', now())), 0),
      1
    )
  from public.branches b
  left join public.students s on s.branch_id = b.id
  left join public.profiles t on t.branch_id = b.id and t.role = 'teacher'
  left join public.fee_payments fp on fp.branch_id = b.id
  left join public.attendance a on a.branch_id = b.id
  where b.deleted_at is null
  group by b.id, b.name, b.city
  order by b.name
$$;

The super admin dashboard does one call:

const { data: branches } = await supabase.rpc('branch_summary')

And renders a table with all the numbers. Branch admins don't need this — they only see their own branch.

3. The Branch Switcher (Super Admin Only)

A super admin frequently wants to "be" a branch admin temporarily — see exactly what the Andheri admin sees. Don't fake user accounts. Instead, add a branch switcher:

'use client'
import { useBranchContext } from '@/stores/branch-context'
 
export function BranchSwitcher() {
  const { allBranches, currentBranchId, setCurrentBranchId } = useBranchContext()
  if (allBranches.length <= 1) return null  // Only show for super admin
 
  return (
    <select
      value={currentBranchId ?? ''}
      onChange={e => setCurrentBranchId(e.target.value || null)}
      className="px-3 py-1.5 border rounded-lg text-sm"
    >
      <option value="">All branches</option>
      {allBranches.map(b => <option key={b.id} value={b.id}>{b.name}</option>)}
    </select>
  )
}

Backed by a Zustand store:

// src/stores/branch-context.ts
import { create } from 'zustand'
import { persist } from 'zustand/middleware'
 
interface BranchContextState {
  allBranches: { id: string; name: string }[]
  currentBranchId: string | null
  setAllBranches: (b: { id: string; name: string }[]) => void
  setCurrentBranchId: (id: string | null) => void
}
 
export const useBranchContext = create<BranchContextState>()(
  persist(
    (set) => ({
      allBranches: [],
      currentBranchId: null,
      setAllBranches: (b) => set({ allBranches: b }),
      setCurrentBranchId: (id) => set({ currentBranchId: id }),
    }),
    { name: 'sahinov-branch-context' }
  )
)

Every query that lists data adds .eq('branch_id', currentBranchId) if set:

let q = supabase.from('students').select('*').is('deleted_at', null)
if (currentBranchId) q = q.eq('branch_id', currentBranchId)
const { data } = await q

This is purely a UI filter — RLS still applies. A super admin viewing "Andheri" via the switcher would have seen all branches anyway; the switcher just adds a .eq() to filter the view.

4. The RLS Audit (Half-Day Investment, Saves Weeks Later)

Before you launch, do a deliberate RLS audit. For every table, log in as every persona and run a query. Note what you see vs what you should see.

Build a small dev-only page at /admin/dev/rls-audit that runs the audit programmatically:

const TABLES = ['branches', 'students', 'teachers', 'parents', 'attendance', 'exams', 'exam_marks', 'fee_payments', 'circulars'] as const
 
export default function RlsAuditPage() {
  const supabase = createBrowserClient()
 
  return (
    <div>
      <h1>RLS audit — current user view</h1>
      <p className="text-sm text-gray-600">Counts visible to you, logged in right now.</p>
      <ul>
        {TABLES.map(t => <AuditRow key={t} table={t} />)}
      </ul>
    </div>
  )
}
 
function AuditRow({ table }: { table: string }) {
  const { data, isLoading } = useQuery({
    queryKey: ['rls-audit', table],
    queryFn: async () => {
      const supabase = createBrowserClient()
      const { count } = await supabase.from(table).select('*', { count: 'exact', head: true })
      return count
    },
  })
  return <li>{table}: {isLoading ? '…' : data ?? '?'}</li>
}

Then:

Compare against your permission matrix. If anything is off, fix the RLS policy before launch. RLS bugs found after a parent saw another child's marks are not recoverable.

5. The Multi-Tenant Promise

Multi-tenancy isn't a feature — it's a promise. The promise is:

"Aurora Public School in Mumbai and St. Joseph's in Pune can both use this system, share the same codebase, share the same Supabase database, and never see each other's data."

For your training project, you'll probably only have one "school" (your fictional Aurora Public). But the architecture you've built supports any number. To add St. Joseph's as a second tenant, you would:

Create a schools table parent to branches.
Add school_id to every table (next to branch_id).
Extend RLS to filter on school_id too.

That's a ~half-day refactor. Worth doing if you ever plan to commercialise this. Otherwise, skip — for one school, branch-level multi-tenancy is sufficient.

6. What to Verify

Super admin can create + edit + archive branches
Branch admin tries to access /admin/branches → 403
Branch summary dashboard shows correct numbers (cross-check against direct queries)
Branch switcher correctly filters every list page
RLS audit shows expected row counts for every persona

What's Next

Your school SaaS is feature-complete. Six modules — Students, Attendance, Exams, Payments, Circulars, Branches — all working, all isolated, all secure. Time to make it real: production deploy, error monitoring, edge cases, and putting it in front of someone who will actually use it.

Next: Launch

The branches module is small but central. Plan ~4 hours.

1. Branch CRUD (Super Admin Only)

/admin/branches — list, add, edit, archive.

The list is straightforward. The form has these fields:

const BranchSchema = z.object({
  name:       z.string().min(2),
  city:       z.string().min(2),
  state:      z.string().optional(),
  address:    z.string().min(5),
  phone:      z.string().regex(/^[6-9]\d{9}$/),
  email:      z.string().email(),
  established_year: z.number().int().min(1900).max(new Date().getFullYear()),
})

Note: only super admins should see this menu item. Use both a UI check and an RLS policy:

create policy "branches_insert_super_only" on public.branches
  for insert with check (public.is_super_admin());
 
create policy "branches_update_super_only" on public.branches
  for update using (public.is_super_admin());

The UI check hides the menu; the RLS check is the real enforcement.

2. Branch Statistics Dashboard

The super admin wants a snapshot of each branch. One RPC, one round-trip:

create or replace function public.branch_summary()
returns table (
  branch_id        uuid,
  branch_name      text,
  city             text,
  total_students   bigint,
  total_teachers   bigint,
  pending_fees     numeric,
  fees_paid_mtd    numeric,  -- Month-to-date
  attendance_pct_mtd numeric
)
language sql
stable
security invoker
as $$
  select
    b.id,
    b.name,
    b.city,
    count(distinct s.id) filter (where s.deleted_at is null),
    count(distinct t.id),
    coalesce(sum(fp.amount) filter (where fp.status = 'pending'), 0),
    coalesce(sum(fp.amount) filter (where fp.status = 'completed' and fp.paid_at >= date_trunc('month', now())), 0),
    round(
      100.0 * count(a.id) filter (where a.status = 'present' and a.date >= date_trunc('month', now()))
      / nullif(count(a.id) filter (where a.date >= date_trunc('month', now())), 0),
      1
    )
  from public.branches b
  left join public.students s on s.branch_id = b.id
  left join public.profiles t on t.branch_id = b.id and t.role = 'teacher'
  left join public.fee_payments fp on fp.branch_id = b.id
  left join public.attendance a on a.branch_id = b.id
  where b.deleted_at is null
  group by b.id, b.name, b.city
  order by b.name
$$;

The super admin dashboard does one call:

const { data: branches } = await supabase.rpc('branch_summary')

And renders a table with all the numbers. Branch admins don't need this — they only see their own branch.

3. The Branch Switcher (Super Admin Only)

A super admin frequently wants to "be" a branch admin temporarily — see exactly what the Andheri admin sees. Don't fake user accounts. Instead, add a branch switcher:

'use client'
import { useBranchContext } from '@/stores/branch-context'
 
export function BranchSwitcher() {
  const { allBranches, currentBranchId, setCurrentBranchId } = useBranchContext()
  if (allBranches.length <= 1) return null  // Only show for super admin
 
  return (
    <select
      value={currentBranchId ?? ''}
      onChange={e => setCurrentBranchId(e.target.value || null)}
      className="px-3 py-1.5 border rounded-lg text-sm"
    >
      <option value="">All branches</option>
      {allBranches.map(b => <option key={b.id} value={b.id}>{b.name}</option>)}
    </select>
  )
}

Backed by a Zustand store:

// src/stores/branch-context.ts
import { create } from 'zustand'
import { persist } from 'zustand/middleware'
 
interface BranchContextState {
  allBranches: { id: string; name: string }[]
  currentBranchId: string | null
  setAllBranches: (b: { id: string; name: string }[]) => void
  setCurrentBranchId: (id: string | null) => void
}
 
export const useBranchContext = create<BranchContextState>()(
  persist(
    (set) => ({
      allBranches: [],
      currentBranchId: null,
      setAllBranches: (b) => set({ allBranches: b }),
      setCurrentBranchId: (id) => set({ currentBranchId: id }),
    }),
    { name: 'sahinov-branch-context' }
  )
)

Every query that lists data adds .eq('branch_id', currentBranchId) if set:

let q = supabase.from('students').select('*').is('deleted_at', null)
if (currentBranchId) q = q.eq('branch_id', currentBranchId)
const { data } = await q

This is purely a UI filter — RLS still applies. A super admin viewing "Andheri" via the switcher would have seen all branches anyway; the switcher just adds a .eq() to filter the view.

4. The RLS Audit (Half-Day Investment, Saves Weeks Later)

Before you launch, do a deliberate RLS audit. For every table, log in as every persona and run a query. Note what you see vs what you should see.

Build a small dev-only page at /admin/dev/rls-audit that runs the audit programmatically:

const TABLES = ['branches', 'students', 'teachers', 'parents', 'attendance', 'exams', 'exam_marks', 'fee_payments', 'circulars'] as const
 
export default function RlsAuditPage() {
  const supabase = createBrowserClient()
 
  return (
    <div>
      <h1>RLS audit — current user view</h1>
      <p className="text-sm text-gray-600">Counts visible to you, logged in right now.</p>
      <ul>
        {TABLES.map(t => <AuditRow key={t} table={t} />)}
      </ul>
    </div>
  )
}
 
function AuditRow({ table }: { table: string }) {
  const { data, isLoading } = useQuery({
    queryKey: ['rls-audit', table],
    queryFn: async () => {
      const supabase = createBrowserClient()
      const { count } = await supabase.from(table).select('*', { count: 'exact', head: true })
      return count
    },
  })
  return <li>{table}: {isLoading ? '…' : data ?? '?'}</li>
}

Then:

Compare against your permission matrix. If anything is off, fix the RLS policy before launch. RLS bugs found after a parent saw another child's marks are not recoverable.

5. The Multi-Tenant Promise

Multi-tenancy isn't a feature — it's a promise. The promise is:

"Aurora Public School in Mumbai and St. Joseph's in Pune can both use this system, share the same codebase, share the same Supabase database, and never see each other's data."

Create a schools table parent to branches.
Add school_id to every table (next to branch_id).
Extend RLS to filter on school_id too.

That's a ~half-day refactor. Worth doing if you ever plan to commercialise this. Otherwise, skip — for one school, branch-level multi-tenancy is sufficient.

6. What to Verify

Super admin can create + edit + archive branches
Branch admin tries to access /admin/branches → 403
Branch summary dashboard shows correct numbers (cross-check against direct queries)
Branch switcher correctly filters every list page
RLS audit shows expected row counts for every persona

Module · Branches & Multi-Tenancy

1. Branch CRUD (Super Admin Only)

2. Branch Statistics Dashboard

3. The Branch Switcher (Super Admin Only)

4. The RLS Audit (Half-Day Investment, Saves Weeks Later)

5. The Multi-Tenant Promise

6. What to Verify

What's Next

Next: Launch

On this page

Module · Branches & Multi-Tenancy

1. Branch CRUD (Super Admin Only)

2. Branch Statistics Dashboard

3. The Branch Switcher (Super Admin Only)

4. The RLS Audit (Half-Day Investment, Saves Weeks Later)

5. The Multi-Tenant Promise

6. What to Verify

What's Next

Next: Launch

On this page