Skip to content

Commit 3290376

Browse files
jacobsfletchjacobsfletch
committed
fix(next): ensures admin access only blocks admin routes
1 parent 2b5c1ba commit 3290376

File tree

2 files changed

+7
-3
lines changed

2 files changed

+7
-3
lines changed

packages/next/src/utilities/initPage.ts

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -99,6 +99,7 @@ export const initPage = async ({
9999
const globalSlug = entityType === 'globals' ? entitySlug : undefined
100100
const docID = collectionSlug && createOrID !== 'create' ? createOrID : undefined
101101

102+
const isAdminRoute = route.startsWith(adminRoute)
102103
const isAuthRoute = authRoutes.some((r) => r === route.replace(adminRoute, ''))
103104

104105
if (redirectUnauthenticatedUser && !user && !isAuthRoute) {
@@ -111,7 +112,7 @@ export const initPage = async ({
111112
redirect(`${routes.admin}/login?redirect=${route + stringifiedSearchParams}`)
112113
}
113114

114-
if (!permissions.canAccessAdmin && !isAuthRoute) {
115+
if (!permissions.canAccessAdmin && isAdminRoute && !isAuthRoute) {
115116
notFound()
116117
}
117118

packages/next/src/views/NotFound/index.tsx

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -46,10 +46,13 @@ export const NotFoundPage = async ({
4646
[key: string]: string | string[]
4747
}
4848
}) => {
49+
const config = await configPromise
50+
const { routes: { admin: adminRoute } = {} } = config
51+
4952
const initPageResult = await initPage({
50-
config: configPromise,
53+
config,
5154
redirectUnauthenticatedUser: true,
52-
route: '/not-found',
55+
route: `${adminRoute}/not-found`,
5356
searchParams,
5457
})
5558

0 commit comments

Comments
 (0)