@herskinduk
Created February 24, 2017 00:32
ItemService database restriction
using Headless.ItemService;
using Sitecore.Pipelines;
using System.Web.Http;
namespace Headless
{
    /// <summary>
    /// Pipeline processor that adds the supplied <see cref="RestrictDatabaseActionFilter"/>
    /// to the filter collection of the supplied <see cref="HttpConfiguration"/>.
    /// </summary>
    /// <remarks>
    /// Both dependencies arrive through the constructor. The filter is only enforced once
    /// <see cref="Process"/> has run, so the restriction depends on this processor being
    /// present in the pipeline that is expected to call it.
    /// </remarks>
    public class ConfigureActionFilters
    {
        private readonly HttpConfiguration _httpConfiguration;
        private readonly RestrictDatabaseActionFilter _databaseFilter;

        /// <summary>
        /// Stores the Web API configuration and the filter to be registered on it.
        /// </summary>
        /// <param name="configuration">Web API configuration whose filter collection is extended.</param>
        /// <param name="actionFilter">Filter instance that will be added to the configuration.</param>
        public ConfigureActionFilters(HttpConfiguration configuration, RestrictDatabaseActionFilter actionFilter)
        {
            _httpConfiguration = configuration;
            _databaseFilter = actionFilter;
        }

        /// <summary>
        /// Adds the filter to the configuration's filter collection.
        /// </summary>
        /// <param name="args">Pipeline arguments; not read by this processor.</param>
        public void Process(PipelineArgs args)
        {
            var registeredFilters = _httpConfiguration.Filters;
            registeredFilters.Add(_databaseFilter);
        }
    }
}
using Sitecore.Abstractions;
using Sitecore.Services.Infrastructure.Sitecore.Controllers;
using System.Net;
using System.Net.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
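namespace Headless.ItemService
{
    /// <summary>
    /// Web API action filter that restricts <see cref="ItemServiceController"/> requests
    /// to a single allowed database ("web").
    /// </summary>
    /// <remarks>
    /// <para>
    /// The filter inspects the already-bound action argument named "query". When that
    /// argument carries no database, the allowed database is written into it; when it
    /// names any other database, the request is answered with 400 Bad Request.
    /// </para>
    /// <para>
    /// Scope of the check: only actions on <see cref="ItemServiceController"/> that bind an
    /// argument called "query" are examined. Any other controller, and any action without
    /// that argument, passes through untouched.
    /// NOTE(review): confirm that every ItemServiceController action that can select a
    /// database binds it through an argument with this name; otherwise the restriction
    /// does not apply to that action.
    /// </para>
    /// </remarks>
    public class RestrictDatabaseActionFilter : ActionFilterAttribute, IActionFilter
    {
        private const string ARGUMENTNAME = "query";

        // The only database callers may read from. The comparison below is ordinal and
        // case-sensitive, so differently cased spellings of this name are rejected.
        private readonly string _allowedDatabase = "web";

        private readonly BaseLog logger;

        /// <summary>
        /// Creates the filter.
        /// </summary>
        /// <param name="logger">Log used to record rejected requests and binder failures.</param>
        public RestrictDatabaseActionFilter(BaseLog logger)
        {
            this.logger = logger;
        }

        /// <summary>
        /// Enforces the database restriction before the action runs.
        /// </summary>
        /// <param name="actionContext">Context of the action about to execute.</param>
        /// <exception cref="Microsoft.CSharp.RuntimeBinder.RuntimeBinderException">
        /// Rethrown after logging when the bound "query" argument is null or does not expose
        /// a usable <c>Database</c> property. The request fails rather than proceeding unchecked.
        /// </exception>
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            object boundQuery;
            if (actionContext.ControllerContext.Controller is ItemServiceController
                && actionContext.ActionArguments.TryGetValue(ARGUMENTNAME, out boundQuery))
            {
                // The concrete query type is not referenced here; the property is reached
                // through late binding, which is why binder failures are handled below.
                dynamic query = boundQuery;
                try
                {
                    var database = query.Database;
                    if (string.IsNullOrEmpty(database))
                    {
                        // No database requested: pin the query to the allowed one instead of
                        // leaving the choice to whatever default applies further down.
                        query.Database = _allowedDatabase;
                    }
                    else if (database != _allowedDatabase)
                    {
                        // Record the refusal so repeated attempts are visible in the log. The
                        // requested value is caller-controlled and is deliberately not logged.
                        logger.Warn("ItemService request rejected: database not allowed", this);

                        // Setting a response here stops the action from being invoked.
                        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.BadRequest, "Database not allowed");
                    }
                }
                // Fully qualified: the file's using directives do not import
                // Microsoft.CSharp.RuntimeBinder, so the short name would not resolve.
                catch (Microsoft.CSharp.RuntimeBinder.RuntimeBinderException ex)
                {
                    logger.Error("Unable to access Database property in hander request", ex, this);
                    throw;
                }
            }

            base.OnActionExecuting(actionContext);
        }
    }
}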
<?xml version="1.0"?>
<!-- Sitecore config patch: wires the ItemService database restriction into start-up. -->
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
<sitecore>
<services>
<!-- Registers the filter with the service container so it can be injected into the processor below. -->
<register serviceType="Headless.ItemService.RestrictDatabaseActionFilter, Headless" implementationType="Headless.ItemService.RestrictDatabaseActionFilter, Headless" />
</services>
<pipelines>
<initialize>
<!-- resolve="true": the processor's constructor arguments are supplied by the service container. -->
<!-- NOTE(review): the processor also needs an HttpConfiguration; its registration is not part of this file - confirm it is resolvable. -->
<!-- The restriction is only active when this processor is present in the merged configuration; verify that after deployment. -->
<processor type="Headless.ConfigureActionFilters, Headless" resolve="true" />
</initialize>
</pipelines>
</sitecore>
</configuration>
@kevinobee

The code looks to achieve its purpose ;)

Comments:

An action filter executes quite late in the request processing: controllers have been selected, model binding has occurred, etc. Consider using a delegating handler; this is pure middleware capable of dealing with the request much earlier.

Not a fan of using a pipeline processor for start-up registration activities. We have OWIN now; would this be a better fit going forward?
