Skip to content
ZajLibrary
prod e051e98
Browse

Phase 6 · SuperAdmin setup

Everything you can configure from inside the admin panel as the superadmin: branding, theme, email, payments, subscription plans, legal pages, and analytics. This phase is universal — it works for any CodeCanyon app because it’s driven by a check-first pattern (inspect what the panel exposes, configure what’s there, defer the rest), not a fixed menu.

Phase 6 — map the panel, then configure in-panel

Phase 6 — map the panel, then configure in-panel 1. Map & survey (read-only) → 2. Lock & brand (creds + assets) → 3. Email + payments (MUST) → 4. Legal + consent (MUST) → 5. Analytics + growth (live) Map & survey read-only Lock & brand creds + assets Email + payments MUST Legal + consent MUST Analytics + growth live
MUST work first (security, money, email, legal); SHOULD/LATER polish after. Out-of-panel work (external accounts, performance) is Phase 8; hardening is Phase 7.

This phase, page by page

Section titled “This phase, page by page”

The first two pages are read-only homework; pages 3–6 are the MUST core (security → email → money → legal); pages 7–8 close out with the SHOULD/LATER polish (theme + system pages, then analytics and the growth features).

1 · Concepts & admin model The in-app superadmin vs the three-tier ops model, the inspect-then-configure pattern, and the Playwright + Livewire traps to know before touching a form.
2 · Survey & brand profile The capabilities survey (what's editable vs hardcoded vs tier-gated), the vendor-docs digest with the APP_ENV scan, and the one-page brand profile every later task reads.
3 · Credentials & branding Rotate the default admin login, generate and upload the brand asset kit, resolve the server PHP binary, then audit and replace the vendor's demo content.
4 · Email (SMTP) Wire transactional email and learn the Froiden-family trap where a CustomConfigProvider loads SMTP from the DB regardless of APP_ENV — so the panel's warning banner lies.
5 · Payments & plans Choose a Stripe account strategy, discover the app's REAL webhook URL and events, wire keys with the three-actor model, then create plans only after market research.
6 · Legal & consent Publish real Privacy Policy and Terms content (both MUST) and enable the cookie/GDPR consent banner — with a clean hand-off to Phase 7 when the vendor ships no consent UI.
7 · Theme & system pages Apply brand colours (or defer to code), brand the 404/500/503 error pages, and prepare a maintenance-mode page with a bypass token.
8 · Engagement & SEO Wire GA4 (usually the 3-file deviation), then surface chat, social login, blog, and sitemap — configure or defer.

Sub-steps

Section titled “Sub-steps”
  1. Concepts & admin model — vocabulary, check-first pattern, Playwright + Livewire traps
  2. Survey & brand profile — capabilities survey, vendor-docs digest, brand profile
  3. Credentials & branding — rotate creds, brand assets, PHP binary, demo content
  4. Email (SMTP) — transactional email + the APP_ENV banner trap
  5. Payments & plans — Stripe strategy, webhooks, keys, subscription plans
  6. Legal & consent — Privacy, Terms, cookie/GDPR banner
  7. Theme & system pages — colours, error pages, maintenance mode
  8. Engagement & SEO — GA4, chat, social login, blog, sitemap

Next

Section titled “Next”

A configured, branded app still needs hardening before real users arrive. Continue to Phase 7 · Security & monitoring, then handle the out-of-panel work in Phase 8 · Configure app. This phase built on the live staging app from Phase 5 · Deploy to staging.