You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I noticed that after logging in, I am able to use the Chrome Dev tools to change my role (example: GUEST to SUPER_ADMIN)... all I have to do is navigate to any thing in the app and it instantly shows me all the links on the navbar which are available to the new role I entered. What would be a good way to keep this from happening? I wouldn't want them to see any data or perform any actions that they aren't authorized for.
The text was updated successfully, but these errors were encountered:
I get the feeling that the author intended developers to refactor in a 'proper' authentication module that handles this in a secure fashion, the example shows only how to structure your routes and role mapping.
Hey, @drmcclelland I'm so sorry for the super delay. actually, I was quite busy the previous week.
Thank you for reporting this issue, I have checked it and am able to reproduce it. I have created a PR for that if you still looking for a solution you must check the PR and let me know if have any confusion. Here is the PR
I noticed that after logging in, I am able to use the Chrome Dev tools to change my role (example: GUEST to SUPER_ADMIN)... all I have to do is navigate to any thing in the app and it instantly shows me all the links on the navbar which are available to the new role I entered. What would be a good way to keep this from happening? I wouldn't want them to see any data or perform any actions that they aren't authorized for.
The text was updated successfully, but these errors were encountered: