We are working on a VSTS Extension and want to only allow select users/groups to access and utilize the features of the extension. This extension essentially adds a dashboard that's linked from the gear menu.
If a user doesn't have access to the various data that the extension pulls from VSTS, they will have parts of this extension not work - but we do want to hide the extension and its link entirely if we don't explicitly authorize a group to view it.
I've checked various pages within the Develop Extensions documentation as well as the Security documentation but haven't found anything relevant to a topic like this.
I'm wondering if perhaps I could check for the user's identity details and deny access based on that, but the Identities API isn't yet functional, so I think that option isn't available to me at the moment.
