1. 技术文章
  2. How to prevent certain users from accessing a route and any subroutes in React?

How to prevent certain users from accessing a route and any subroutes in React?

£可爱£侵袭症+ 提交于 2021-02-10 14:57:36

问题


What's the best way to prevent a particular user from accessing a route and any of its subroutes in react-router?

e.g. I have a route /admin/ and it has many other subroutes like /admin/create-user, /admin/settings, etc.

Is there another way of preventing users from accessing these routes without indicating on each component some condition like so?

if (user.role.name !== "Admin") {
    return (
      <div className="error-page">
        <h1>Sorry, you don't have rights to access this page.</h1>
     </div>
    );
  } else {
  // render admin component
}

回答1:


You need to use a custom ProtectedRoute component, and pass the required role to this whether the user can go to that route or not.

Codesandbox:

https://codesandbox.io/s/so-protect-route-roles-z7j3l

ProtectedRoute.js:

import React from "react";
import { Route, Redirect } from "react-router-dom";
import {user} from "./AuthService";

export const ProtectedRoute = ({
  path,
  component: Component,
  render,
  requiredRole,
  ...rest
}) => {

  return (
    <Route
      path={path}
      {...rest}
      render={props => {
        if (user.role.name === requiredRole) {
          return Component ? <Component {...props} /> : render(props);
        } else {
          return <Redirect to="/error" />;
        }
      }}
    />
  );
};

export default ProtectedRoute;

The AuthService is simply like this, you need to modify it to fit your requirements.

AuthService.js (you can change the role to Admin, to play with it)

export const user = {
  name: "User 1",
  role:{
    name: "User"
  }
}

App.js (Please note that we are using out ProtectedRoute component, and passing the required role to it)

import React, { Component } from "react";
import { BrowserRouter as Router, Link, Route } from "react-router-dom";
import Home from "./Home";
import User from "./User";
import Admin from "./Admin";
import Login from "./Login";
import ErrorPage from "./ErrorPage";
import ProtectedRoute from "./ProtectedRoute";

class App extends Component {
  render() {
    return (
      <Router>
        <div>
          <ul>
            <li>
              <Link to="/">Home</Link>
            </li>
            <li>
              <Link to="/user">User</Link>
            </li>
            <li>
              <Link to="/admin">Admin</Link>
            </li>
          </ul>

          <Route exact path="/" component={Home} />
          <Route exact path="/login" component={Login} />
          <Route exact path="/error" component={ErrorPage} />
          <ProtectedRoute path="/user" component={User} requiredRole="User" />
          <ProtectedRoute path="/admin" component={Admin} requiredRole="Admin" />
        </div>
      </Router>
    );
  }
}

export default App;

With this setup, a user without Admin role cannot navigate to Admin and it's nested routes.




回答2:


use the Route component as shown 

if(user.role.name !== "Admin") {
   <Route path="/admin" component={Admin} />
} else {
   <Redirect to="/" />
}

if Admin show the component else redirect to home.



来源:https://stackoverflow.com/questions/58988562/how-to-prevent-certain-users-from-accessing-a-route-and-any-subroutes-in-react

标签
javascript
reactjs
react-router
authorization
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!