VICTORY!
Actually this is the 2nd time I thought I achived victory, except this time things appear to work like they should.
I claim to have made it possible to apply a DENY role to individual users for TABS. (not modules yet, sorry). Technically it could be made to work with Roles on tabs... but... what's the point of that? Just remove view.
First - I'M NOT RESPONSIBLE FOR BROKENS RESULTING FROM USING THESE CHANGES!
!!!THIS IS A HACK JOB!!!
I did this on a test machine, using a FRESH Install of DNN 4.6.2 and a new Database. It is done merely as a proof of concept right now. I do plan to use it in a website in the future.
I do not know exactly how or if this will affect anything but the visibility of the tabs. I have tested this with 2 users (not including host and admin) and 1 top level tab and 1 tab under that. (at the time of writing) It appeared to be working correctly.
It is possible to use this to prevent ADMINISTRATORS from accessing the page. I have added code to continue to allow UserID 1 to access the page regardless but it can be modified to prevent even HOST from accessing the page.
CHANGES
There are 2 code modifications, 1 resource change and 1 row added to the database.
DATABASE CHANGE
A row needs to be added to the Permission table. Where # is the auto-generated ID
"# SYSTEM_TAB -1 DENY Deny Tab"
When I added the row, # equaled 7. But any number that appears there (if you've added rows to that already) should work fine.
RESOURCE CHANGE
In App_GlobalResources\GlobalResources.resx add
<data name="Deny Tab.Permission" xml:space="preserve">
<value>Deny Page</value>
</data>
I inserted it at line 208 (so the first line to add is line 208) in my file. It falls right under the Edit Page entry that way.
CODE CHANGE
DotNetNuke.Library\Controls\DataGrids\Permission Grids\PermissionsGrid.vb
Insert at line 505
If objPermission.PermissionKey = "DENY" Then
Continue For 'Prevents the DENY checkbox from showing for roles
End If
After that is inserted, lines 504 through 508 should look like
For Each objPermission In _permissions
If objPermission.PermissionKey = "DENY" Then
Continue For
End If
checkCol = New TemplateColumn
DotNetNuke.Library\Components\Tabs\Navigation.vb
Insert at line 284
Dim objTabPermissionController As New Security.Permissions.TabPermissionController
Dim objUserInfo As UserInfo = UserController.GetCurrentUserInfo()
If objUserInfo.UserID = 1 Then 'Host always has access
Return True
End If
For Each str As String In objTabPermissionController.GetTabPermissions(objTab.TabPermissions, "DENY").Split(New Char() {CChar(";")})
If (str = "[" + objUserInfo.UserID.ToString() + "]") Then
Return False 'No more checking, current user is denied
End If
Next
I went through and WinDiff'd the entire Library folder, and these are the only 2 code files that were modifed.
So, since there are only 4 changes total; I feel that this is a small enough number of changes for, what I consider, such a benificial tool, that it is something that would be worth release the information on.
Here is what my Permissions settings looks like for a Tab
Even a more minimal change set would be to not modify the GlobalResources.resx, or PermissionsGrid.vb. It would function EXACTLY the same way, the only difference would be on the settings page. The roles would have a DENY check box, and instead of Deny Page, it would say Deny Tab. If the Role Deny was selected, it would add a row to the database, but it wouldn't(shouldn't) have any effect on the tab loading or not.
The overall result of putting an account as DENY on a tab, it overrides ALL other visibility settings. I have a page set with all View Page checkboxes checked; The account I have set to DENY, cannot see that page when logged in.
Again - Setting a User Account to 'Deny Page' WILL prevent that account from seeing that page.
Any feedback on this, good or bad is appreciated and asked for.
And one more time - I'm not responsible for anything that happens for/when using these changes.