Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BUG: admin page visible for non logged-in users #473

Open
pholm opened this issue Aug 4, 2021 · 1 comment
Open

BUG: admin page visible for non logged-in users #473

pholm opened this issue Aug 4, 2021 · 1 comment
Labels
bug Something isn't working urgent Notice me

Comments

@pholm
Copy link
Contributor

pholm commented Aug 4, 2021

🐛 Bug Report

What went wrong? 🤔

User can access https://app.hackjunction.com/admin without logging in. Fortunately, the actions check if the user has required permissions, so it seems no damage can be done.

Expected Behavior

App should check the permissions before accessing a page.

Actual Behavior

The page is shown, if the user happens to know the URL.

Steps to Reproduce Issue

  1. Log out
  2. Navigate to https://app.hackjunction.com/admin
  3. Avot

Solution

Check permissions before routing the user.

Environment

Operating System

macOS Monterey

Browser

Chrome
@pholm pholm added bug Something isn't working urgent Notice me labels Aug 4, 2021
@pholm pholm changed the title BUG: admin page visible for non-logged in users BUG: admin page visible for non logged-in users Aug 4, 2021
@khenriksson
Copy link
Collaborator

There's a component called RequiresRole.js, could probably be used in routes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working urgent Notice me
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pholm @khenriksson