fix(next): ensures admin access only blocks admin routes

payloadcms · May 2, 2024 · 3290376 · 3290376
1 parent 2b5c1ba
commit 3290376
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/packages/next/src/utilities/initPage.ts b/packages/next/src/utilities/initPage.ts
@@ -99,6 +99,7 @@ export const initPage = async ({
   const globalSlug = entityType === 'globals' ? entitySlug : undefined
   const docID = collectionSlug && createOrID !== 'create' ? createOrID : undefined
 
+  const isAdminRoute = route.startsWith(adminRoute)
   const isAuthRoute = authRoutes.some((r) => r === route.replace(adminRoute, ''))
 
   if (redirectUnauthenticatedUser && !user && !isAuthRoute) {
@@ -111,7 +112,7 @@ export const initPage = async ({
     redirect(`${routes.admin}/login?redirect=${route + stringifiedSearchParams}`)
   }
 
-  if (!permissions.canAccessAdmin && !isAuthRoute) {
+  if (!permissions.canAccessAdmin && isAdminRoute && !isAuthRoute) {
     notFound()
   }
 

diff --git a/packages/next/src/views/NotFound/index.tsx b/packages/next/src/views/NotFound/index.tsx
@@ -46,10 +46,13 @@ export const NotFoundPage = async ({
     [key: string]: string | string[]
   }
 }) => {
+  const config = await configPromise
+  const { routes: { admin: adminRoute } = {} } = config
+
   const initPageResult = await initPage({
-    config: configPromise,
+    config,
     redirectUnauthenticatedUser: true,
-    route: '/not-found',
+    route: `${adminRoute}/not-found`,
     searchParams,
   })