Trying to understand client components
Unanswered
Mountain Chickadee posted this in #help-forum
Mountain ChickadeeOP
hey, started using nextjs recently. maybe this is a dumb question, but i cant figure it out!
this is the code:
I am using context to get the auth state of the user, and a function to get the user data from the database. In this example, can the user change the code and abuse the fact that this component is renderd in the client side? can the user give himself access to the page? if so, what can I do to prevent this? because I am using context, this component has to be client component!
thank you! 🙂
this is the code:
// /app/admin/layout
"use client";
import { UserAuth } from "@/context/AuthContext";
import { getUser } from "@/lib/getUser";
export default async function AdminLayout({
children,
}: Readonly<{
children: React.ReactNode;
}>) {
const { user } = UserAuth();
let userData = await getUser(user);
const isUserAdmin = userData?.isAdmin;
return <div>{isUserAdmin && children}</div>;
}I am using context to get the auth state of the user, and a function to get the user data from the database. In this example, can the user change the code and abuse the fact that this component is renderd in the client side? can the user give himself access to the page? if so, what can I do to prevent this? because I am using context, this component has to be client component!
thank you! 🙂
4 Replies
@Mountain Chickadee you can check step 8
if you implement server side auth, it will be mega easy like a simple if/else
@James4u if you implement server side auth, it will be mega easy like a simple if/else
Mountain ChickadeeOP
but if this code is a client component, the user would be able to modify it