Found an edge case when I have a team member (not owner) that is able to access settings pages. Even though the sidebar hides the menu item Settings, a member can simply enter the URLs for the settings.
RLS prevents a team member from updating settings, but they should not be able to view/interact with the pages at all.
Here is a screenshot of a team member that is able to view the settings/members page:
If a member accesses a nested Settings page, they should be redirected to the Team Dashboard.
Even though RLS is taking care of the data, what is a good pattern to protect routes?
@gmarcus You could use something like this, I think:
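```typescript
import { useEffect } from "react";
import { useRouter } from "next/router";

// Inside the settings page component:
const router = useRouter();
const { accountId } = router.query;
const { accountRole } = useTeamRole(accountId as string);
// Redirect in an effect: router.push must not be called while rendering.
useEffect(() => {
  if (accountRole === "member") {
    // push the member back to the home page, dashboard, etc.
    router.push("/");
  }
}, [accountRole, router]);
```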
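The snippet above redirects from client-side code; the same decision can also be made on the server, before a settings page is rendered for a member. The following is an added example, not code from this project: the `/dashboard/<accountId>/settings` route layout and the names `normalizePath` and `guardSettingsRoute` are assumptions, and the role is assumed to be looked up server-side from the session.

```typescript
// Roles named in the issue: "owner" and "member". Anything else gets no access.
type Role = "owner" | "member";
type Decision =
  | { allow: true }
  | { allow: false; redirect: { destination: string; permanent: false } };

// Hypothetical route layout (assumption): /dashboard/<accountId>/settings/...
const SETTINGS_RE = /^\/dashboard\/([^/]+)\/settings(?:\/.*)?$/;

// Strip query/hash, collapse duplicate slashes and drop a trailing slash so
// that "/settings/", "//settings" and "/settings?x=1" are all checked alike.
function normalizePath(rawPath: string): string {
  const cut = rawPath.search(/[?#]/);
  const pathOnly = cut === -1 ? rawPath : rawPath.slice(0, cut);
  const collapsed = pathOnly.replace(/\/{2,}/g, "/");
  return collapsed.length > 1 ? collapsed.replace(/\/+$/, "") : collapsed;
}

// Decide whether a request for rawPath may be rendered for this role.
function guardSettingsRoute(rawPath: string, role: Role | null | undefined): Decision {
  const match = SETTINGS_RE.exec(normalizePath(rawPath));
  if (!match) return { allow: true }; // not a settings page, nothing to guard
  if (role === "owner") return { allow: true };
  // Members go to the team dashboard; a missing or unknown role fails closed.
  const destination = role === "member" ? `/dashboard/${match[1]}` : "/";
  return { allow: false, redirect: { destination, permanent: false } };
}

// Usage inside getServerSideProps of every settings page (sketch):
//   const decision = guardSettingsRoute(ctx.resolvedUrl, role);
//   if (!decision.allow) return { redirect: decision.redirect };
```

RLS remains the control that protects the data; this check only keeps the page itself from being served to a member.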
Closing because the Next portion of this has been moved to a different repo - I'll be doing some work there shortly to simplify the starter kit to avoid things like this. Thanks for the report!
Great project so far.