I'm currently evaluating Shareplus for a client across multiple mobile platforms. One of the issues that has arisen is the fact that all SubWebs are listed in the navigation regardless of the users access.
Due to the nature of the work performed by this client, it is important that project sites are only visible to those users with access rights and that the names of the projects not be visible to people without access.
From within the SharePoint UI this is not a problem as the navigation is security trimmed.
SharePlus does not override SharePlus security. This means that, at some point, for belonging to a group for example, the users have access.
Keep in mind that if a site is not visible in SharePoint's UI does not mean they're not accessible. You can verify this by clicking "All Site Content". If the sites the user is not supposed to have access to are there then he does have access and the sites are merely hidden.
Please try to verify the above and let me know what you find out.
Thanks for that Javier, I've been doing some testing and I think it's a SharePoint web service issue.
When working directly on the SharePoint object model, you can use the SPWeb.GetAllSubWebsForUser to return a security trimmed list of webs that the user can see. This is what we are using in the custom UI that I wrote for the client.
It would appear that when you call Webs.asmx GetWebCollection (Which I assume is the web service call you would be making), it returns all of the webs, regardless of the visibility.
When the user then tries to open one of those webs, they correctly get prompted for new credentials. The problem I have is that my client doesn't want them to even know of the existence of the sub-site for contractual reasons.
The workaround I have put in place is to remove the Browse Directories via WebDav permission at the top level for these users, whilst leaving it in place on the sub-sites. Doing this means they must deep link directly to the sub-site as a new site in SharePlus.
Right. We use the GetWebCollection service.
Keep this in mind: removing the browse directories privilege from the Read permission will make "Readable" sites/subsites not visible in SharePlus. Please make sure the change you proposed doen't affect the sites' visibility.
Another option could be, in a SharePlus Enterprise level, customize what sites can be seen by a particular user based on their credentials (a client based solution). If this is of your interest I can put you in contact with one of our Sales agents.
Best regards and thank you for posting at IG forums!