NuGet Package: DevExpress.ExpressApp.Security
This item is added to the same navigation group with the User object (see IModelClassNavigation.NavigationGroupName) and displayed via the ShowNavigationItemController Controller. When an end-user clicks this item in the navigation control, a default Detail View (see IModelClass.DefaultDetailView) with the current User’s details is displayed.
The MyDetailsController class exposes the CanGenerateMyDetailsNavigationItem static (Shared in VB) field which indicates whether to generate the My Details navigation item. Its value is true by default, i.e the item is generated. If it is required to prohibit generating the My Details navigation item, set CanGenerateMyDetailsNavigationItem to false:
using DevExpress.ExpressApp.Security; // ... MyDetailsController.CanGenerateMyDetailsNavigationItem = false;
In a Windows Forms application project, add this code to the Main method located in Program.cs (Program.vb) file, before invoking the WinApplication.Start method. In an ASP.NET Web Forms application project, add this code to the Session_Start method located in Global.asax.cs (Global.asax.vb) file, before invoking the WebApplication.Start method.
In an ASP.NET Web Forms application, the MyDetailsController Controller adds the MyDetails Action to the Security Action Container. Besides MyDetails, this Action Container includes the Logoff Action.
The MyDetails Action is exposed via the MyDetailsController.MyDetailsAction property.
In the legacy Security System, users can modify themselves, even if the Write access to the User object is denied, by default. Additionally, users can use the MyDetails Navigation Item and Action, when they have no Navigate access to the User object. To change this behavior, you can set the ObjectAccessComparer.AllowModifyCurrentUserObject and ObjectAccessComparer.AllowNavigateToCurrentUserObject properties to false in the Main method of the Windows Forms application or in the Session_Start method of the ASP.NET Web Forms application. These settings have no effect in the Security System. The required permissions are granted or omitted explicitly (see Client-Side Security (2-Tier Architecture)).
ObjectAccessComparer currentComparer = (ObjectAccessComparer)ObjectAccessComparerBase.CurrentComparer; // Prohibit changing the current user's properties in My Details Detail View // for users who have no "Write" permission to User object: currentComparer.AllowModifyCurrentUserObject = false; // Hide the My Details Navigation Item and Action // for users who have no "Navigate" permission to User object: currentComparer.AllowNavigateToCurrentUserObject= false;