Reputation: 11809
How to prevent certain users from accessing a route and any subroutes in React?
What's the best way to prevent a particular user from accessing a route and any of its subroutes in react-router?
e.g. I have a route /admin/ and it has many other subroutes like /admin/create-user, /admin/settings, etc.
Is there another way of preventing users from accessing these routes without indicating on each component some condition like so?
if (user.role.name !== "Admin") {
return (
<div className="error-page">
<h1>Sorry, you don't have rights to access this page.</h1>
</div>
);
} else {
// render admin component
}
Upvotes: 1
Views: 1732
Answers (2)
Reputation: 17858
You need to use a custom ProtectedRoute component, and pass the required role to this whether the user can go to that route or not.
Codesandbox:
https://codesandbox.io/s/so-protect-route-roles-z7j3l
ProtectedRoute.js:
import React from "react";
import { Route, Redirect } from "react-router-dom";
import {user} from "./AuthService";
export const ProtectedRoute = ({
path,
component: Component,
render,
requiredRole,
...rest
}) => {
return (
<Route
path={path}
{...rest}
render={props => {
if (user.role.name === requiredRole) {
return Component ? <Component {...props} /> : render(props);
} else {
return <Redirect to="/error" />;
}
}}
/>
);
};
export default ProtectedRoute;
The AuthService is simply like this, you need to modify it to fit your requirements.
AuthService.js (you can change the role to Admin, to play with it)
export const user = {
name: "User 1",
role:{
name: "User"
}
}
App.js (Please note that we are using out ProtectedRoute component, and passing the required role to it)
import React, { Component } from "react";
import { BrowserRouter as Router, Link, Route } from "react-router-dom";
import Home from "./Home";
import User from "./User";
import Admin from "./Admin";
import Login from "./Login";
import ErrorPage from "./ErrorPage";
import ProtectedRoute from "./ProtectedRoute";
class App extends Component {
render() {
return (
<Router>
<div>
<ul>
<li>
<Link to="/">Home</Link>
</li>
<li>
<Link to="/user">User</Link>
</li>
<li>
<Link to="/admin">Admin</Link>
</li>
</ul>
<Route exact path="/" component={Home} />
<Route exact path="/login" component={Login} />
<Route exact path="/error" component={ErrorPage} />
<ProtectedRoute path="/user" component={User} requiredRole="User" />
<ProtectedRoute path="/admin" component={Admin} requiredRole="Admin" />
</div>
</Router>
);
}
}
export default App;
With this setup, a user without Admin role cannot navigate to Admin and it's nested routes.
Upvotes: 1
Reputation: 26
use the Route component as shown
if(user.role.name !== "Admin") {
<Route path="/admin" component={Admin} />
} else {
<Redirect to="/" />
}
if Admin show the component else redirect to home.
Upvotes: 0
Related Questions
- How can i protect routes in my reactjs project?
- React Router V6: prevent user from accessing children routes directly and redirect to parent route
- How can I limit the user from going to specific component
- How to restrict access to routes in react-router?
- How to protect routes, not to be accessed directly through URL?
- How to make routes private using react router
- How to make a route in React inaccessible to all users except when certain events happen
- React Router JWT protect routes
- how can i prevent access to routes in react js
- Prevent an user from accessing other routes - ReactJS - React-Router -