Current filter:
                                You should refresh the page.

                                Our Security System allows hiding navigation items for certain users by configuring their Navigation permissions. These permissions can be configured in two modes.

                                Starting with version 16.2, Navigation Permissions can be assigned to individual navigation items. This feature is described in the Navigation Permissions section of the Security System Overview article. This feature is enabled by default in a new project created using the Wizard. To enable it when upgrading from an older version, it is necessary to set the SecurityStrategy.SupportNavigationPermissionsForTypes option to false. If the project is based on Entity Framework, it is also necessary to update the database. For this, use the approach described in this Knowledge Base article: How to: Add Navigation Permissions to an Entity Framework Application Created with XAF 16.1.

                                In version 16.1 and older, navigation permissions can be assigned to a specific object type via the AllowNavigate option available in the Type Permissions settings. All navigation items specific to a corresponding type are removed from the navigation control if the current user does not have the permission for navigating to this type. This mode is enabled by default when upgrading an old project to version 16.2 and higher. To enable it in a new project created using the Wizard, open the application designer and change the SecurityStrategy.SupportNavigationPermissionsForTypes property value to false.

                                This example demonstrates how to implement the first mode manually. The approach demonstrated in this example is useful if the project uses an old XAF version that does not yet have the Navigation Permissions feature implemented.

                                Note: If you use the solution provided in this example and upgrade to version 16.2, this code may stop working properly. In this case, use recommendations provided at the end of this article.

                                If your XAF version is less than 16.2 and you need to grant permissions to individual navigation items (e.g., to a DashboardView or to a certain ListView model), use the solution described below to extend the Security System's functionality. In this example, the HiddenNavigationItems property allowing you to hide navigation items by their ID will be added to the role class.

                                The approach with overriding the ShowNavigationItemController.SynchItemWithSecurity method shown in this example can be also appropriate for tasks that are not related to the Security System directly. You can hide or customize any navigation item in this manner.

                                Steps to implement:

                                1. Implement a custom permission type - NavigationItemPermission - that can be used to check access permissions for a certain navigation item by its ID.
                                2. Implement a custom permission request - NavigationItemPermissionRequest - that will be sent to check whether the current user has access to a certain navigation item.
                                3. Implement a custom permission request processor - NavigationItemPermissionRequestProcessor - that will determine whether the current user has permissions for the received permission request.
                                4. Implement a custom role with the HiddenNavigationItems property. Extend it with the GetPermissions method to create NavigationPermission instances based on the value of the HiddenNavigationItems property.
                                5. Specify the custom role in the Security System's RoleType property in the Application Designer, as described in the How to: Implement Custom Security Objects (Users, Roles, Operation Permissions) topic.
                                6. Register your permission request processor in the application by handling the SecurityStrategy.CustomizeRequestProcessors event in the Program.cs and Global.asax.cs files.
                                6. Implement a ShowNavigationItemController's descendant - CustomShowNavigationItemController - and override its SynchItemWithSecurity method to deactivate navigation items prohibited by the CustomSecurityRole.HiddenNavigationItems property.

                                After implementing these steps in your project, you will be able to assign a role with the HiddenNavigationItems property to required users to restrict their access to certain navigation items.

                                Note:  The example is based on the PermissionPolicyRole and PermissionPolicyUser classes. These classes are used by the Security System when selecting the Allow/Deny permissions policy in the Solution Wizard. If your project was created using an earlier XAF version (prior to 16.1), and the SecuritySystemRole and SecuritySystemUser classes are used in it, change the version number in the combo box below to see an example for these classes.

                                Upgrade note for version 16.2:
                                The code used in older versions of this example can stop working after upgrading to this version. To fix this issue, either copy the relevant code from the new version of the example, or modify the CustomShowNavigationItemController class by adding this method:

                                protected override bool SyncItemsWithRequestSecurity(DevExpress.ExpressApp.Actions.ChoiceActionItemCollection items) { base.SyncItemsWithSecurity(items); return true; }
                                Protected Overrides Function SyncItemsWithRequestSecurity(ByVal items As DevExpress.ExpressApp.Actions.ChoiceActionItemCollection) As Boolean MyBase.SyncItemsWithSecurity(items) Return True End Function