Cluster canAccess
Hi all
I have been using clusters for a while now and generally put a canAccess method on it to restrict sensitive pages to, say, a hasRole('Admin').
Only through running some tests have I realised that this doesn't restrict the page. It hides it from the navbar, but the pages assigned to the cluster are still accessible if you know the URL.
I wondered if this was intentional?
My mistake was not testing the internal urls and assumed that as it was gone from the navbar then it was restricted.
1 Reply
I always look at clusters as a navigation mechanism. Authorization should still happen on the individual resources and pages in a cluster.
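One way to apply the advice in the reply, as an added example that is not code from either poster: each page in the cluster reuses the cluster's `canAccess()` rule, so the check that hides the navbar entry also guards the URL. It assumes Filament v3 and a user model with the `hasRole()` method from the question; the `Settings` cluster, `AuthorizesViaCluster` trait, `ManageBilling` page and view name are hypothetical.

```php
<?php

// Shown in one file for brevity; in a real app each class lives in its own file.
namespace App\Filament\Clusters;

use Filament\Clusters\Cluster;
use Filament\Pages\Page;

// Hypothetical cluster carrying the rule from the question.
class Settings extends Cluster
{
    public static function canAccess(): bool
    {
        // Null-safe: an unauthenticated request is denied rather than erroring.
        return auth()->user()?->hasRole('Admin') ?? false;
    }
}

// Hypothetical trait: makes a page's own access check defer to its cluster.
trait AuthorizesViaCluster
{
    public static function canAccess(): bool
    {
        // Class name of the owning cluster, or null if none is assigned.
        $cluster = static::getCluster();

        // Fail closed when the page was never assigned to a cluster.
        return $cluster !== null && $cluster::canAccess();
    }
}

// Hypothetical sensitive page inside the cluster.
class ManageBilling extends Page
{
    use AuthorizesViaCluster;

    protected static ?string $cluster = Settings::class;

    // Assumed view name; Filament v3 declares $view as static.
    protected static string $view = 'filament.pages.manage-billing';
}
```

A feature test that requests the page's URL directly as a non-admin user and expects a 403 covers the case the navbar check missed.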