
/dashboard/teams/[accountId]/settings/* pages not protected from team members #48

Closed
gmarcus opened this issue Sep 8, 2023 · 2 comments

Comments


gmarcus commented Sep 8, 2023

Great project so far.

Found an edge case when I have a team member (not owner) that is able to access settings pages. Even though the sidebar hides the menu item Settings, a member can simply enter the URLs for the settings.

RLS prevents a team member from updating settings, but they should not be able to view/interact with the pages at all.

Here is a screenshot of a team member that is able to view the settings/members page:

[Screenshot: CleanShot 2023-09-08 at 01 05 20]

If a member accesses a nested Settings page, they should be redirected to the Team Dashboard.
Even though RLS is taking care of the data, what is a good pattern to protect routes?


jamesthesken commented Sep 19, 2023

@gmarcus You could use something like this, I think:

// Inside the settings page component; useTeamRole is the starter kit's own hook.
import { useEffect } from "react";
import { useRouter } from "next/router";

const router = useRouter();
const { accountId } = router.query;

const { accountRole } = useTeamRole(accountId as string);

// Redirect from an effect, not during render, and only once the role has loaded.
useEffect(() => {
  if (accountRole === "member") {
    // push the member back to the home page, dashboard, etc.
    router.push("/");
  }
}, [accountRole, router]);
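As an added example (not code from this thread or from the starter kit), the same decision written as a pure, server-side-usable guard: it matches the nested settings routes, lets owners through, and sends members, and any not-yet-resolved role, to the team dashboard. The `TeamRole` type, the route shape and the redirect target are assumptions drawn from the report; the function is meant to be called from a Next.js middleware or a layout rather than from a client-side effect, so the page never renders for an unauthorised user.

```typescript
// Added example, not the project's own code. The role names and the
// redirect target are assumptions based on the issue text.
type TeamRole = "owner" | "member";

// Matches /dashboard/teams/<accountId>/settings and anything nested under it.
const SETTINGS_ROUTE = /^\/dashboard\/teams\/([^/]+)\/settings(?:\/.*)?$/;

export type GuardDecision =
  | { allow: true }
  | { allow: false; redirectTo: string };

// Decide whether a user holding `role` may open `pathname`. Unknown or
// still-loading roles are denied (deny by default), so hiding the sidebar
// link is no longer the only thing standing between a member and the page.
export function guardTeamSettings(
  pathname: string,
  role: TeamRole | undefined,
): GuardDecision {
  const match = SETTINGS_ROUTE.exec(pathname);
  if (!match) {
    return { allow: true }; // not a settings route: nothing to enforce here
  }
  const accountId = match[1];
  if (role === "owner") {
    return { allow: true };
  }
  // Members (and unresolved roles) go back to the team dashboard,
  // which is the behaviour the report asks for.
  return { allow: false, redirectTo: `/dashboard/teams/${accountId}` };
}

// In a Next.js middleware this would be used roughly as:
//   const decision = guardTeamSettings(req.nextUrl.pathname, role);
//   if (!decision.allow) return NextResponse.redirect(new URL(decision.redirectTo, req.url));
```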

@tiniscule
Contributor

Closing because the Next portion of this has been moved to a different repo - I'll be doing some work there shortly to simplify the starter kit to avoid things like this. Thanks for the report!
