({ permission, display, children })
| 28 | } |
| 29 | |
| 30 | export const RequireAuth = ({ permission, display, children }) => { |
| 31 | const location = useLocation() |
| 32 | const { isCloud, isOpenSource, isEnterpriseLicensed, loading } = useConfig() |
| 33 | const { hasPermission } = useAuth() |
| 34 | const isGlobal = useSelector((state) => state.auth.isGlobal) |
| 35 | const currentUser = useSelector((state) => state.auth.user) |
| 36 | const features = useSelector((state) => state.auth.features) |
| 37 | const permissions = useSelector((state) => state.auth.permissions) |
| 38 | |
| 39 | // Step 0: Wait for config to load |
| 40 | if (loading) { |
| 41 | return null |
| 42 | } |
| 43 | |
| 44 | // Step 1: Authentication Check |
| 45 | // Redirect to login if user is not authenticated |
| 46 | if (!currentUser) { |
| 47 | return <Navigate to='/login' replace state={{ path: location.pathname }} /> |
| 48 | } |
| 49 | |
| 50 | // Step 2: Deployment Type Specific Logic |
| 51 | // Open Source: Only show features without display property |
| 52 | if (isOpenSource) { |
| 53 | return !display ? children : <Navigate to='/unauthorized' replace /> |
| 54 | } |
| 55 | |
| 56 | // Cloud & Enterprise: Check both permissions and feature flags |
| 57 | if (isCloud || isEnterpriseLicensed) { |
| 58 | // Routes with display property - check feature flags |
| 59 | if (display) { |
| 60 | // Check if user has any permissions |
| 61 | if (permissions.length === 0) { |
| 62 | return <Navigate to='/unauthorized' replace state={{ path: location.pathname }} /> |
| 63 | } |
| 64 | |
| 65 | // Organization admins bypass permission checks |
| 66 | if (isGlobal) { |
| 67 | return checkFeatureFlag(features, display, children) |
| 68 | } |
| 69 | |
| 70 | // Check user permissions and feature flags |
| 71 | if (!permission || hasPermission(permission)) { |
| 72 | return checkFeatureFlag(features, display, children) |
| 73 | } |
| 74 | |
| 75 | return <Navigate to='/unauthorized' replace /> |
| 76 | } |
| 77 | |
| 78 | // Standard routes: check permissions (global admins bypass) |
| 79 | if (permission && !hasPermission(permission) && !isGlobal) { |
| 80 | return <Navigate to='/unauthorized' replace /> |
| 81 | } |
| 82 | |
| 83 | return children |
| 84 | } |
| 85 | |
| 86 | // Fallback: If none of the platform types match, deny access |
| 87 | return <Navigate to='/unauthorized' replace /> |
nothing calls this directly
no test coverage detected