Pending the completion of Issue #128.
Currently, the NextJS middleware only distinguishes between public and non-public routes when determining authorization. This means that an attendee can access the create and edit event pages (even though they won't be able to submit the form).
A list should be created in the middleware file that defines all the routes accessible by poster only. Then, using the value set in the user_role cookie, access should be determined accordingly.
Pending the completion of Issue #128.
Currently, the NextJS middleware only distinguishes between public and non-public routes when determining authorization. This means that an attendee can access the create and edit event pages (even though they won't be able to submit the form).
A list should be created in the middleware file that defines all the routes accessible by poster only. Then, using the value set in the
user_rolecookie, access should be determined accordingly.