specific-silver
Refine, 3y ago
38 replies

(Casbin) Query String Bypasses Access Control

Hi,

I currently have ID based access to my app working (following the example in the docs here: https://refine.dev/docs/advanced-tutorials/access-control/#example).

When a user attempts to access a prohibited page via direct URL (i.e. /users), it prevents access as expected.

However, the presence of the query string (/users?pageSize=10&current=1) bypasses this, and allows the user to view the page.

Is there any way I can accommodate this or remove this default query string altogether?


Correction: direct URL allows a prohibited user to access a page regardless.