Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Access control redirects don't respect basename when react-admin included inside a route #10380

Closed
zemccartney opened this issue Nov 25, 2024 · 1 comment · Fixed by #10383
Closed

Access control redirects don't respect basename when react-admin included inside a route #10380

zemccartney opened this issue Nov 25, 2024 · 1 comment · Fixed by #10383

Comments

@zemccartney
Copy link

What you were expecting:

  • A false result from my auth provider's canAccess to redirect me to the built-in access denied view

What happened instead:

  • a route not found error, as surfaced by react router, due to the redirect not accounting for the admin living at a custom path

Steps to reproduce:

Given:

  • an application with an existing router via react-router
  • a react-admin application
  1. Set the react-admin application as a route in the existing router
import Admin from "./Admin";

const router = createBrowserRouter([
  {
    path: "/",
    element: <div>Hello World</div>,
  },
  {
    path: "/admin/*",
    element: <Admin />,
  },
]);
  1. Pass basename="/admin" prop to react-admin's Admin element
  2. Register a couple of resources
  3. Restrict access to one of the resources entirely in authProvider.canAccess
canAccess: async ({ resource }) => {
        if (resource === 'users') {
            return false;
        }

        return true;
    },
  1. Manually navigate to the users list page (change browser's address bar), /admin/users

You'll land on /access-denied, not /admin/access-denied and see react-router's built-in 404 view

The same issue applies to the auth error redirect, too. For example, if you modify canAccess as follows:

canAccess: async ({ resource }) => {
        if (resource === 'users') {
            throw new Error('boom');
        }

        return true;
    },

You eventually land on the same react-router 404 view, but at path /authentication-error. This redirect took a few seconds whereas the false access control result redirected instantly; seems tangential, even irrelevant, but noting for completeness, in case an unexpected behavior.

Related code:

Minimal example repo: https://github.com/zemccartney/ra-route-redir-repro/tree/main

Other information:

Environment

  • React-admin version: 5.4.0
  • Last version that did not exhibit the issue (if applicable): N/A
  • React version: 18.3.1
  • Browser: Chrome 131
  • Stack trace (in case of a JS error): N/A
@djhi djhi mentioned this issue Nov 26, 2024
Merged
4 tasks
@fzaninotto
Copy link
Member

Thanks for the report! A fix is incoming.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix access control basename handling marmelab/react-admin
2 participants
@fzaninotto @zemccartney