How do you hide panelmenu items by role?

How do you hide panelmenu items by role? I've restricted access to the pages, but it would look nicer if the panelmenu item was hidden, like hide Maintenance and everything underneath it in this example.

Hi Steve,

You can hide the item for non authenticated users using ${security.isAuthenticated()}:

Or you can hide it per role using security.isInRole('Admin'):

Best Regards,

1 Like

Works great!

This is fantastic! I was just looking at the documentation to see if I found this :slight_smile:

This works nicely but even hides elements for the dev admin account. Is this done on purpose?
I mean I have testusers, but logging in with the dev admin account leads to an very limited navigation menu. And I am not sure if I want to add security checks for dev-situations only.

Maybe you can create account especially for test users part of admin role. The dev admin account is virtual (not persisted in the database) and cannot be added to role.

May I suggest the application ignores rolechecks in detail when the user is identified as this particular virtual user? It's an (special) admin account after all, that kind of role is about building the security cornerstones, not about respecting it XD

Actually I've found a way to make the virtual dev admin part of every role. It will be available in the next release.

1 Like

I just tried that out (Version: 2.19.5) and ... how should that work?
I configured an Visible-property of the main-navigation with the following:

Then I assumed the virtual admin will see this navigation entry just fine, even if he isn't part of this role.
I was wrong.

You can check the Login method of server/Controllers/AuthController.cs

            if (env.EnvironmentName == "Development" && username.ToObject<string>() == "admin" && password.ToObject<string>() == "admin")
                var claims = new List<Claim>() {
                        new Claim(ClaimTypes.Name, "admin"),
                        new Claim(ClaimTypes.Email, "admin")

                this.roleManager.Roles.ToList().ForEach(r => claims.Add(new Claim(ClaimTypes.Role, r.Name)));

                return Jwt(claims);

defined to be visible for particular role

and visible for admin/admin login

My AuthController has this lines of code, and goes through it fine.
But when I try the same thing which you just showed me on your screenshots it doesn't work :frowning: (15.3 KB)

  • Added Northwinds orders-link to the navigation
  • used the same string in visible-property
  • logged in with the standard admin/admin user
  • cannot see the orders-navigation-link

I’ll check your app and I’ll get back with more info.

I've tried your app and I've noticed that the profile menu is missing. I've removed and re-added security to restore it.

Populated navigation items and added expression for Visible:

added role

logged out and on next login everything worked as expected

1 Like