0
0
NextJSframework~20 mins

Role-based access patterns in NextJS - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf
Challenge - 5 Problems
🎖️
Role-Based Access Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
component_behavior
intermediate
2:00remaining
What will this Next.js component render for a user with role 'editor'?

Consider this Next.js functional component that shows different content based on user roles.

import { useState } from 'react';

export default function Dashboard() {
  const [userRole] = useState('editor');

  if (userRole === 'admin') {
    return <h1>Admin Panel</h1>;
  } else if (userRole === 'editor') {
    return <h1>Editor Workspace</h1>;
  } else {
    return <h1>Viewer Page</h1>;
  }
}
NextJS
import { useState } from 'react';

export default function Dashboard() {
  const [userRole] = useState('editor');

  if (userRole === 'admin') {
    return <h1>Admin Panel</h1>;
  } else if (userRole === 'editor') {
    return <h1>Editor Workspace</h1>;
  } else {
    return <h1>Viewer Page</h1>;
  }
}
A<h1>Editor Workspace</h1>
B<h1>Admin Panel</h1>
C<h1>Viewer Page</h1>
DComponent throws an error
Attempts:
2 left
💡 Hint

Check the value of userRole and which condition matches.

state_output
intermediate
2:00remaining
What is the value of accessLevel after this code runs?

Given this React state update in a Next.js component, what will accessLevel be?

import { useState } from 'react';

export default function AccessControl() {
  const [role] = useState('guest');
  const [accessLevel, setAccessLevel] = useState('none');

  if (role === 'admin') {
    setAccessLevel('full');
  } else if (role === 'editor') {
    setAccessLevel('partial');
  } else {
    setAccessLevel('read-only');
  }

  return <div>Access: {accessLevel}</div>;
}
NextJS
import { useState } from 'react';

export default function AccessControl() {
  const [role] = useState('guest');
  const [accessLevel, setAccessLevel] = useState('none');

  if (role === 'admin') {
    setAccessLevel('full');
  } else if (role === 'editor') {
    setAccessLevel('partial');
  } else {
    setAccessLevel('read-only');
  }

  return <div>Access: {accessLevel}</div>;
}
AAccess: none
BComponent causes infinite loop
CAccess: full
DAccess: read-only
Attempts:
2 left
💡 Hint

Think about what happens when you call setAccessLevel inside the component body.

📝 Syntax
advanced
2:00remaining
Which option correctly implements role-based access using Next.js middleware?

Choose the correct Next.js middleware code snippet that restricts access to '/admin' pages only to users with role 'admin'.

A
export function middleware(request) {
  const role = request.cookies.get('role');
  if (role !== 'admin') {
    return Response.redirect('/login');
  }
  return NextResponse.next();
}
B
export function middleware(request) {
  const role = request.cookies.get('role');
  if (role !== 'admin') {
    return NextResponse.redirect('/login', 302);
  }
  return NextResponse.next();
}
C
export function middleware(request) {
  const role = request.cookies.get('role');
  if (role !== 'admin') {
    return redirect('/login');
  }
  return NextResponse.next();
}
D
import { NextResponse } from 'next/server';

export function middleware(request) {
  const role = request.cookies.get('role');
  if (role !== 'admin') {
    return NextResponse.redirect('/login');
  }
  return NextResponse.next();
}
Attempts:
2 left
💡 Hint

Check the correct usage of Next.js NextResponse.redirect method.

🔧 Debug
advanced
2:00remaining
Why does this role check fail to protect the page?

Examine this Next.js page component that tries to restrict access to admins only. Why does it fail?

export default function AdminPage({ user }) {
  if (user.role !== 'admin') {
    return <p>Access Denied</p>;
  }
  return <h1>Welcome Admin</h1>;
}

export async function getServerSideProps(context) {
  const user = await getUserFromSession(context.req);
  return { props: { user } };
}
NextJS
export default function AdminPage({ user }) {
  if (user.role !== 'admin') {
    return <p>Access Denied</p>;
  }
  return <h1>Welcome Admin</h1>;
}

export async function getServerSideProps(context) {
  const user = await getUserFromSession(context.req);
  return { props: { user } };
}
AThe component does not redirect unauthorized users, so they still see the page content.
BThe role check is case-sensitive and user.role is 'Admin' with uppercase A, so the check fails.
CThe user object is undefined because getUserFromSession returns null for unauthenticated users, causing a runtime error.
DgetServerSideProps does not run on the server, so user data is missing.
Attempts:
2 left
💡 Hint

Consider what happens if user is null or undefined.

🧠 Conceptual
expert
3:00remaining
Which approach best secures role-based access in a Next.js app?

Choose the most secure and scalable approach to enforce role-based access control in a Next.js application.

AImplement role checks in API routes and server-side rendering functions, returning 403 or redirecting unauthorized users.
BUse client-side role checks in React components only, hiding UI elements based on user role stored in local state.
CStore user roles in cookies and rely on client-side JavaScript to block access to pages by checking cookie values.
DUse static site generation with role-based content filtering at build time to serve different pages per role.
Attempts:
2 left
💡 Hint

Think about where security checks must happen to prevent unauthorized access.