chapter icon indicating copy to clipboard operation
chapter copied to clipboard

Published 20 hours ago verified publisher icon freeCodeCamp

Logic in the dashboard that redirects the user when they don't have permission

Open Sboonny opened this issue 2 years ago • 3 comments

Describe the feature I have discussed this with @ojeytonwilliams today about adding status can't access error which turned to redirect users, I am opening an issue to document it (so I don't forget), and get your opinions.

Currently, we are hiding the component that people can't interact with in the dashboard, instead of doing that I thought of displaying "can't access" error in layout, when they don't have permission.

Oilver had a better idea, we can use /dashboard and add logic which direct users to the page they want, or can't access error if they don't have it.

This will make it easier to find the logic and update as it will be in something related to dashboard, and it would remove the need to hide some actions in the component itself.

Sboonny avatar Dec 20 '22 14:12 Sboonny

I'm not sure if I understand how this would work. Any more specific example?

I think, if I'd click on some button and after loading next page, learned that I cannot use that button, because I don't have permission for it, I'd be pretty annoyed.

gikf avatar Dec 26 '22 20:12 gikf

I will be honest, I don't remember what was discussed, and I haven't worked on it because of me taking break on holiday, so what Oliver suggested is completely lost, and we need him to give more context again. 🤦

here is the jest of what I wanted.

the layout.tsx has NextError for not logged in users, we can duplicate this and account for permission to view the children in the layout too.

here is the NextError: https://github.com/freeCodeCamp/chapter/blob/4cdff000b6f07cf453df464004201fbf19506dd7/client/src/modules/dashboard/shared/components/Layout.tsx#L52-L53

We can add something like this:

const hasPermission = account for permission
 if (!hasPermission) 
   return <NextError statusCode={500} title={`Can't access this page`} />;

This will clear the need for view permission in the DataTable files

Sboonny avatar Dec 27 '22 03:12 Sboonny

I didn't take notes, so I'm a little hazy on what we discussed. From memory we were talking about redirecting users to a part of the dashboard they have access to, but on reflection I think that could be quite annoying. i.e. if they go to /dashboard/calendar but only have access to /dashboard/events then it'll redirect to the latter.

The current behaviour is okay, I think. We could, as Muhammed suggested, catch the fact a user doesn't have permission when we render the layout. That would give a slightly cleaner display.

ojeytonwilliams avatar Jan 03 '23 16:01 ojeytonwilliams