first should not add permission records directly in database, they most be added by a plugin.
if so then you most check access in
ManageSiteMap method of your plugin.
here is sample:
public void ManageSiteMap(SiteMapNode rootNode)
{
if (!_permissionService.Authorize(StandardPermissionProvider.ManagePayments))
return;
var peymentsNode = new SiteMapNode()
{
Title = this._localizationService.GetResource("Plugins.Payments.PaymentsManager.Menu"),
Url = "~/Admin/Plugins/PaymentsManager/Transaction/List",
IconClass = "fa-dot-circle-o",
SystemName = "PluginPaymentManager-payments",
Visible = true,
RouteValues = new RouteValueDictionary() { { "Namespaces", "Plugin.Payments.PaymentsManager" }, {"area", "admin" } },
};
var salesNode = rootNode.ChildNodes.FirstOrDefault(x => x.SystemName == "Sales");
salesNode.ChildNodes.Add(peymentsNode);
}
in case if you didn't know how to create a new permission record in a plugin:
namespace Nop.Plugin.Misc.PaymentManager.Security
{
public class PaymanetManagerPermissionProvider : IPermissionProvider
{
public static readonly PermissionRecord AccessPayments;
static PaymanetManagerPermissionProvider()
{
var permissionRecord = new PermissionRecord()
{
Name = "Access. Payments",
SystemName = "AccessPluginPayments",
Category = "Plugin"
};
PaymanetManagerPermissionProvider.AccessPayments = permissionRecord;
}
public virtual IEnumerable<PermissionRecord> GetPermissions()
{
return new PermissionRecord[1] { PaymanetManagerPermissionProvider.AccessPayments };
}
public virtual IEnumerable<DefaultPermissionRecord> GetDefaultPermissions()
{
DefaultPermissionRecord[] permissionRecordArray = new DefaultPermissionRecord[1]
{
new DefaultPermissionRecord()
{
CustomerRoleSystemName = (SystemCustomerRoleNames.Administrators),
PermissionRecords = (new PermissionRecord[1] { AccessPayments })
}
};
return permissionRecordArray;
}
}
}