Menu is rendered with respect to permission, but user still able to access the page if he write it in the url; what is your suggestion to handle this using Abp framework?
There are three level of security we can provide in angular-side:
- We should not create menu items if user has no permission to that page. This prevents user to click the menu to enter to the page.
- We should not define states (or routes) if user has no permission to that page. This prevents user to enter to the page by writing url.
- We should check permission on every application service method call. This prevents user to access/change data in that page.