While using Jira module, it’s project page, we use conditions to have conditional access to plugin resources. For instance, we may define what permissions user should have or what project property should contain. It works great unless user has directly link to our resource and there is a problem.
So, I’d like to know:
- Does it should not work out of the box? Does all of these conditions should not be checked also before rendering the page?
- How you guys, other vendors handle this case? For instance, we have to check all of these conditions on our server before returning destination view to user to prevent JWT leak.
I’d like to know your opinion and approach to the described case.