How to prevent users from changing their own roles?

[drmcclelland]

I noticed that after logging in, I am able to use the Chrome Dev tools to change my role (example: GUEST to SUPER_ADMIN)... all I have to do is navigate to any thing in the app and it instantly shows me all the links on the navbar which are available to the new role I entered. What would be a good way to keep this from happening? I wouldn't want them to see any data or perform any actions that they aren't authorized for.

[JamesABA]

I get the feeling that the author intended developers to refactor in a 'proper' authentication module that handles this in a secure fashion, the example shows only how to structure your routes and role mapping.

Something like msal react could work if you're using AAD as an identity provider (https://docs.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-react)

[umair-khanzada]

Hey, @drmcclelland I'm so sorry for the super delay. actually, I was quite busy the previous week.
Thank you for reporting this issue, I have checked it and am able to reproduce it. I have created a PR for that if you still looking for a solution you must check the PR and let me know if have any confusion. Here is the PR