How do you hide panelmenu items by role?

scjhnsn · August 10, 2018, 7:46pm

How do you hide panelmenu items by role? I've restricted access to the pages, but it would look nicer if the panelmenu item was hidden, like hide Maintenance and everything underneath it in this example.

enchev · August 11, 2018, 6:10am

Hi Steve,

You can hide the item for non authenticated users using ${security.isAuthenticated()}:

Or you can hide it per role using security.isInRole('Admin'):

Best Regards,
Vladimir

scjhnsn · August 13, 2018, 10:09pm

Works great!
Thanks.

Jesus_Verduzco · September 20, 2018, 8:56pm

This is fantastic! I was just looking at the documentation to see if I found this

Moo · July 8, 2019, 9:48am

This works nicely but even hides elements for the dev admin account. Is this done on purpose?
I mean I have testusers, but logging in with the dev admin account leads to an very limited navigation menu. And I am not sure if I want to add security checks for dev-situations only.

enchev · July 8, 2019, 1:28pm

Maybe you can create account especially for test users part of admin role. The dev admin account is virtual (not persisted in the database) and cannot be added to role.

Moo · July 8, 2019, 2:44pm

May I suggest the application ignores rolechecks in detail when the user is identified as this particular virtual user? It's an (special) admin account after all, that kind of role is about building the security cornerstones, not about respecting it XD

enchev · July 8, 2019, 3:55pm

Actually I've found a way to make the virtual dev admin part of every role. It will be available in the next release.

Moo · July 18, 2019, 2:53pm

I just tried that out (Version: 2.19.5) and ... how should that work?
I configured an Visible-property of the main-navigation with the following:
security.isInRole('something')

Then I assumed the virtual admin will see this navigation entry just fine, even if he isn't part of this role.
I was wrong.

enchev · July 18, 2019, 3:02pm

You can check the Login method of server/Controllers/AuthController.cs

...
            if (env.EnvironmentName == "Development" && username.ToObject<string>() == "admin" && password.ToObject<string>() == "admin")
            {
                var claims = new List<Claim>() {
                        new Claim(ClaimTypes.Name, "admin"),
                        new Claim(ClaimTypes.Email, "admin")
                      };

                this.roleManager.Roles.ToList().ForEach(r => claims.Add(new Claim(ClaimTypes.Role, r.Name)));

                return Jwt(claims);
            }
...

defined to be visible for particular role

and visible for admin/admin login

Moo · July 19, 2019, 1:12pm

My AuthController has this lines of code, and goes through it fine.
But when I try the same thing which you just showed me on your screenshots it doesn't work
meta.zip (15.3 KB)

Added Northwinds orders-link to the navigation
used the same string in visible-property
logged in with the standard admin/admin user
cannot see the orders-navigation-link

enchev · July 19, 2019, 2:29pm

I’ll check your app and I’ll get back with more info.

enchev · July 21, 2019, 4:33am

I've tried your app and I've noticed that the profile menu is missing. I've removed and re-added security to restore it.

Populated navigation items and added expression for Visible:

added role

logged out and on next login everything worked as expected