JunctionApp icon indicating copy to clipboard operation
JunctionApp copied to clipboard
verified publisher icon hackjunction

BUG: admin page visible for non logged-in users

Open pholm opened this issue 4 years ago • 1 comments

🐛 Bug Report

What went wrong? 🤔

User can access https://app.hackjunction.com/admin without logging in. Fortunately, the actions check if the user has required permissions, so it seems no damage can be done.

Expected Behavior

App should check the permissions before accessing a page.

Actual Behavior

The page is shown, if the user happens to know the URL.

Steps to Reproduce Issue

  1. Log out
  2. Navigate to https://app.hackjunction.com/admin
  3. Avot

Solution

Check permissions before routing the user.

Environment

Operating System

macOS Monterey

Browser

Chrome

pholm avatar Aug 04 '21 08:08 pholm

There's a component called RequiresRole.js, could probably be used in routes.

khenriksson avatar Aug 25 '21 14:08 khenriksson