Default “Access Control List” functionality (ACL) in nopCommerce allows store admins to grant access to predefined processes and also deny them. Nevertheless, they can restrict customers and other admins to access URLs and actions which aren’t defined in ACL. With using this plugin, store admins can deny customers to access URLs in any part of the website, especially the admin panel. In addition to static URLs, dynamic URLs can be defined by Regex patterns. These URLs can also be defined by “Controller” and “Action” of MVC routing. If an URL is limited for a user in panel admin, the plugin removes it from admin panel menu for them automatically. Also, plugin can restrict public store routes and if users try to access a restricted URL, the plugin will redirect them to 404 Not found page.
“Route Access Restriction” plugin in admin panel consists of:
Configure: Admin can configure general settings here
Restricted Routes: URLs for restriction can be defined here
In the configure page, admin can specify whether the plugin’s functionality is enabled or not. If the plugin was disabled, defined restrictions aren't be applied at all.
In this page, admin can define restricted routes with these options:
- Static URL
- Regex pattern for URL. All matched URLs will be restricted
- By “Controller” and “Action” name