Unauthorised admin page accesses should not result in page load #476
Labels
You Can Do This
Will be accepted on priority
Comments
|
One option is to have a "Unauthorised" page like PageNotFound in your routes at Then whenever we make a network call, if backend returns (401, Unauthorised), we should take the user to the Unauthorised page here. The only caveat is that the moment some request says unauthorised, the user will be taken to the new page. But I in our current state, this is what we need, |
|
@maaverik Can I take this one? |
|
@maaverik can i do this? |
|
This project is not being actively maintained anymore. Thanks for offering to help! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
If we try opening the admin page of a queue created by another signed-in user, the page opens, although backend info doesn't come through. We shouldn't even show the admin page in cases like this.
To Reproduce
Steps to reproduce the behavior:
Open the admin link of a queue created by a different signed-in user. The page opens up with options even though the member list doesn't load.
Expected behavior
It should clearly say "unauthorized access, please login to continue" or "you're not the owner of this queue".
The text was updated successfully, but these errors were encountered: