Slack clone example allows everyone having +admin email address to get control over the app, right? Any plans on fixing that?

I think that's by design, see https://github.com/supabase/supabase/tree/master/examples/nextjs-slack-clone#role-based-access-control-rbac

Well ye i meant supaadmin but nevertheless the boilerplate is not immediately usable

Clones of apps should always be considered a starting point or proof of concept. They're rarely intended to be deployed immediately without some changes.

I think this example app was intended to show what you can do with postgres functions to easily handle signups. public.handle_new_user() is a great starting point but perhaps it shouldn't be part of the default schema to start with, and maybe something that you can add later as a more advanced step in setting up your supabase project.

Maybe improve the clone to limit emails to a certain domain? Or instead add endpoints for adding roles manually instead of plus-email addresses system