Skip to content

Commit

Permalink
[UI] Ensure unpublished assets cannot be accessed anonymously (#248)
Browse files Browse the repository at this point in the history
* Ensure unpublished assets cannot be accessed anonymously

Added if check to redirect users to a 404 page if the asset they
attempt to access is unpublished and the user is anonymous.

Resolves #207

Signed-off-by: Zachary-Fernandes <[email protected]>

* Removed debug message

Signed-off-by: Zachary-Fernandes <[email protected]>
  • Loading branch information
Zachary-Fernandes authored Oct 27, 2021
1 parent 2d1a2c6 commit 34c3ba3
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions dashboard/origin-mlx/src/pages/MetaDetailPage.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
* SPDX-License-Identifier: Apache-2.0
*/
import React, { useContext, useEffect, useState, Children, ReactNode, ReactElement } from 'react'
import { capitalize, formatTitle } from '../lib/util';
import { capitalize, formatTitle, getUserInfo, hasRole } from '../lib/util';
import StoreContext from '../lib/stores/context'

import Button from '../components/Button/Button';
Expand Down Expand Up @@ -39,11 +39,13 @@ function MetaDetailPage(props: MetaDetailPageProps) {
if (!asset) {
fetchAssetById(API, type, id)
.then((asset: any) => {
if (asset === 'Not found') {
if (asset === 'Not found' || (asset.publish_approved === 0 && !hasRole(getUserInfo(), 'admin'))) {
asset.template = undefined
setAssetNotFound(true)
}
setAsset(asset)
else {
setAsset(asset)
}
})
.catch((error) => {
setAssetNotFound(true)
Expand Down

0 comments on commit 34c3ba3

Please sign in to comment.