+ [MonoTODO ("need to implement cases 2 and 3")]
+ public virtual bool IsAccessibleToUser (HttpContext context, SiteMapNode node)
+ {
+ if (context == null) throw new ArgumentNullException ("context");
+ if (node == null) throw new ArgumentNullException ("node");
+
+ if (!SecurityTrimmingEnabled)
+ return true;
+
+ /* The node is accessible (according to msdn2) if:
+ *
+ * 1. The Roles exists on node and the current user is in at least one of the specified roles.
+ *
+ * 2. The current thread has an associated WindowsIdentity that has file access to the requested URL and
+ * the URL is located within the directory structure for the application.
+ *
+ * 3. The current user is authorized specifically for the requested URL in the authorization element for
+ * the current application and the URL is located within the directory structure for the application.
+ */
+
+ /* 1. */
+ IList roles = node.Roles;
+ if (roles != null && roles.Count > 0) {
+ foreach (string rolename in roles)
+ if (rolename == "*" || context.User.IsInRole (rolename))
+ return true;
+ }
+
+ /* 2. */
+ /* XXX */
+
+ /* 3. */
+ string url = node.Url;
+ if(!String.IsNullOrEmpty(url)) {
+ // TODO check url is located within the current application
+
+ if (VirtualPathUtility.IsAppRelative (url) || !VirtualPathUtility.IsAbsolute (url))
+ url = VirtualPathUtility.Combine (VirtualPathUtility.AppendTrailingSlash (HttpRuntime.AppDomainAppVirtualPath), url);
+
+ AuthorizationSection config = (AuthorizationSection) WebConfigurationManager.GetSection (
+ "system.web/authorization",
+ url);
+ if (config != null)
+ return config.IsValidUser (context.User, context.Request.HttpMethod);
+ }
+
+ return false;
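Review bot: `context.User` is dereferenced without a null check in the role loop (`context.User.IsInRole (rolename)`) and is passed unchecked to `config.IsValidUser (...)`. A request with no principal set would therefore throw a NullReferenceException from the trimming check instead of producing a decision. Guard the role test with `if (rolename == "*" || (context.User != null && context.User.IsInRole (rolename)))`, and decide explicitly what a null user means before the `IsValidUser` call. Separately, `// TODO check url is located within the current application` is still open: a `node.Url` carrying a scheme (an external link, say) is neither app-relative nor absolute for `VirtualPathUtility.IsAbsolute`, so it appears to be combined with the app path and authorized as a local path. Until the containment check exists, such nodes should fail closed with `return false`; the method's closing brace lies outside the visible lines.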