simplQ-frontend icon indicating copy to clipboard operation
simplQ-frontend copied to clipboard

Published 20 hours ago verified publisher icon SimplQ

Unauthorised admin page accesses should not result in page load

Open maaverik opened this issue 4 years ago • 4 comments

Describe the bug If we try opening the admin page of a queue created by another signed-in user, the page opens, although backend info doesn't come through. We shouldn't even show the admin page in cases like this.

To Reproduce Steps to reproduce the behavior: Open the admin link of a queue created by a different signed-in user. The page opens up with options even though the member list doesn't load.

Expected behavior It should clearly say "unauthorized access, please login to continue" or "you're not the owner of this queue".

maaverik avatar Jan 17 '21 19:01 maaverik

One option is to have a "Unauthorised" page like PageNotFound in your routes at path="/unauthorised".

Then whenever we make a network call, if backend returns (401, Unauthorised), we should take the user to the Unauthorised page here.

The only caveat is that the moment some request says unauthorised, the user will be taken to the new page. But I in our current state, this is what we need,

daltonfury42 avatar Jan 19 '21 04:01 daltonfury42

@maaverik Can I take this one?

mathkruger avatar Jan 24 '21 21:01 mathkruger

@maaverik can i do this?

tusharrajpoot avatar Oct 08 '22 19:10 tusharrajpoot

This project is not being actively maintained anymore. Thanks for offering to help!

maaverik avatar Oct 11 '22 04:10 maaverik