I have an inventory app that has three different roles, namely operator, admin, and super admin.
the problem is when I enter with one of the roles, I can access the menu belongs to another role by writing the link from the menu in the browser's link bar.
example
in the admin page there is a backup and restore menu, link: /admin/backupAndRestore
then I log in as an operator
in the operator page there is only the item borrowing and return item menu, but if I write a link of the admin backup and restore menu in the browser's link bar like localhost: 8000/admin/backupAndRestore
I can access the page.
I want to make it like a user who has logged in can not access the register or login page and redirected to the home page, what should I do?