Protect frontend routes based on user logged in status

activist-org / activist

An open-source activism platform

https://activist.org

GNU Affero General Public License v3.0

209 stars 173 forks source link

Protect frontend routes based on user logged in status #876

Closed andrewtavis closed 3 weeks ago

andrewtavis commented 2 months ago

Terms

[X] I have searched open and closed feature requests
[X] I agree to follow activist's Code of Conduct

Description

Something that’s needed is to make sure that certain routes aren’t reachable given the status of the user. Specifically the following routes should be blocked if the user isn’t signed in:

/organizations/create
/groups/create
/events/create
/resources/create

Signed in users should also be redirected to /home if they navigate to auth pages directly via a URL. Beyond this we have the settings pages, which should be protected eventually, but only after they switch over from being template pages.

Suggestions for other pages that need attention would be welcome!

Contribution

I’ll likely work on this once we get the final routes decided and once there’s more connection between the front and back end.

wkyoshida commented 1 month ago

I imagine that protecting based on roles would also fall under here + simply doing things like only rendering certain components (or parts of components) based on whether user has certain roles

andrewtavis commented 1 month ago

Note from the sync: we can do an on mounted check and then directly route them to auth/sign-in if they for some reason don't have a token 🪙

UnknownSean8 commented 1 month ago

Hi, can I try to work on this feature, I have done some authentication/authorization in React but if it's possible I would like to try to implement it in VueJS as well. Thanks! :)

andrewtavis commented 1 month ago

Sounds good, @UnknownSean8! This one would be more high priority than the map tooltip, so it'd be good if you'd try to get a solution for this up sooner. Let us know if there's anything we can do to help!

andrewtavis commented 1 month ago

@momanyisamuel and I are talking about this now :) The best way to do this would be to enable Pinia and have the middleware handle the routes and their respective protections.

UnknownSean8 commented 1 month ago

Ahhh, but the current pinia is not fully implemented yet right, I'll be implementing it? Thanks!

andrewtavis commented 1 month ago

We're sending a base Pinia implementation in #891 :) We can talk more about this tomorrow 😊

UnknownSean8 commented 1 month ago

Okay! I'll try to attend if possible. As the time zone difference is pretty big rn as I'm back in my home country for a month. :/

UnknownSean8 commented 1 month ago

Hii, I was looking into the commits just now, specifically 3cf5fb2c25159194f0ba354489bd690f6ee5b4a1, it seems like some of the routes have already been done. Maybe I could follow those implementations and do something similar for the other routes? 😬

andrewtavis commented 3 weeks ago

Closed by #896 and 3cf5fb2 😊 Thanks, @UnknownSean8!