Scenario:
Our Security System allows hiding navigation items for certain users by setting the Type Permission's Navigate access. Since with this approach, the Navigate access can be granted only for a certain type, the following scenarios are not supported:
1. It is necessary to hide a DashboardView.
2. There are several navigation items for a certain type, and it is required to hide a part of them.
3. It is necessary to hide a navigation item that is not associated with a certain View (e.g., a navigation group).
This article demonstrates how to extend the security role class with the HiddenNavigationItems property allowing hiding navigation items by their ID.
Steps to implement:
1. Implement a custom permission type - NavigationItemPermission - that can be used to check access permissions for a certain navigation item by its ID.
2. Implement a custom permission request - NavigationItemPermissionRequest - that will be sent to check whether the current user has access to a certain navigation item.
3. Implement a custom permission request processor - NavigationItemPermissionRequestProcessor - that determines whether the current user has permissions for the received permission request.
4. Register the permission request processor in the application by handling the SecurityStrategy.CustomizeRequestProcessors event in the Program.cs and Global.asax.cs files.
5. Implement a custom role with the HiddenNavigationItems property. Override the role's GetPermissionsCore method to create NavigationPermission instances based on the value of the HiddenNavigationItems property.
6. Implement a ShowNavigationItemController's descendant - CustomShowNavigationItemController - and override its SynchItemWithSecurity method to deactivate navigation items prohibited by the CustomSecurityRole.HiddenNavigationItems property.
See also:
How to: Implement Custom Security Objects (Users, Roles, Operation Permissions)