Created
February 24, 2017 00:32
ItemService database restriction
using Headless.ItemService; | |
using Sitecore.Pipelines; | |
using System.Web.Http; | |
namespace Headless
{
    /// <summary>
    /// Pipeline processor that installs the <see cref="RestrictDatabaseActionFilter"/>
    /// into the filter collection of the supplied Web API configuration.
    /// </summary>
    /// <remarks>
    /// Both dependencies arrive through the constructor; nothing is looked up statically.
    /// NOTE(review): the restriction only takes effect if the injected
    /// <see cref="HttpConfiguration"/> is the instance that actually serves the
    /// ItemService routes. Confirm this after deployment, because a filter added to a
    /// different instance is never consulted and the database restriction silently
    /// does not apply.
    /// </remarks>
    public class ConfigureActionFilters
    {
        private HttpConfiguration _httpConfiguration;
        private RestrictDatabaseActionFilter _databaseFilter;

        /// <summary>Stores the configuration to extend and the filter to add to it.</summary>
        /// <param name="configuration">Web API configuration whose filter list is extended.</param>
        /// <param name="actionFilter">Filter instance to register.</param>
        public ConfigureActionFilters(HttpConfiguration configuration, RestrictDatabaseActionFilter actionFilter)
        {
            _httpConfiguration = configuration;
            _databaseFilter = actionFilter;
        }

        /// <summary>
        /// Adds the filter to the configuration's filter collection.
        /// </summary>
        /// <param name="args">Pipeline arguments; not used by this processor.</param>
        public void Process(PipelineArgs args)
        {
            // Every call appends the same filter instance again; this relies on the
            // hosting pipeline invoking the processor once.
            var registeredFilters = _httpConfiguration.Filters;
            registeredFilters.Add(_databaseFilter);
        }
    }
}
using System.Net;
using System.Net.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
using Microsoft.CSharp.RuntimeBinder;
using Sitecore.Abstractions;
using Sitecore.Services.Infrastructure.Sitecore.Controllers;
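namespace Headless.ItemService
{
    /// <summary>
    /// Web API action filter that pins <see cref="ItemServiceController"/> requests to a
    /// single allowed database ("web").
    /// </summary>
    /// <remarks>
    /// The filter inspects the bound action argument named "query". If its Database
    /// property is null or empty, the allowed database is written into it, so the request
    /// cannot fall back to whatever default the service would otherwise pick. If it names
    /// any other database, the request is answered with 400 and the action is not run.
    /// NOTE(review): an action on the controller that has no argument named "query"
    /// passes through unchecked. Confirm that every action able to select a database
    /// binds it through an argument with that name.
    /// </remarks>
    public class RestrictDatabaseActionFilter : ActionFilterAttribute, IActionFilter
    {
        private const string ARGUMENTNAME = "query";

        // The only database ItemService requests may read from.
        private readonly string _allowedDatabase = "web";

        private readonly BaseLog logger;

        /// <summary>Creates the filter.</summary>
        /// <param name="logger">Log used for rejected requests and binding failures.</param>
        public RestrictDatabaseActionFilter(BaseLog logger)
        {
            this.logger = logger;
        }

        /// <summary>
        /// Enforces the database restriction before the action runs.
        /// </summary>
        /// <param name="actionContext">Context of the action about to execute.</param>
        /// <exception cref="RuntimeBinderException">
        /// Rethrown when the "query" argument is null or has no usable string Database
        /// property. The action then does not run with an unchecked database.
        /// </exception>
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            object boundQuery;

            // Single dictionary lookup instead of ContainsKey followed by the indexer.
            if (actionContext.ControllerContext.Controller is ItemServiceController
                && actionContext.ActionArguments.TryGetValue(ARGUMENTNAME, out boundQuery))
            {
                // The concrete query model type is not referenced here, so the property
                // is reached through late binding.
                dynamic query = boundQuery;
                try
                {
                    string database = query.Database;
                    if (string.IsNullOrEmpty(database))
                    {
                        query.Database = _allowedDatabase;
                    }
                    else if (database != _allowedDatabase)
                    {
                        // Ordinal, case-sensitive comparison: a differently cased name
                        // such as "Web" is rejected rather than allowed.
                        // The log text is fixed on purpose so that request-controlled
                        // input is never written to the log. Correlate with the web
                        // server access log for the requested value.
                        logger.Warn("ItemService request rejected: database not allowed", this);
                        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.BadRequest, "Database not allowed");
                    }
                }
                catch (RuntimeBinderException ex)
                {
                    logger.Error("Unable to access Database property in hander request", ex, this);
                    throw;
                }
            }

            base.OnActionExecuting(actionContext);
        }
    }
}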
<?xml version="1.0"?>
<!--
  Sitecore config patch that wires up the ItemService database restriction.
  If this file is not loaded, or the processor below cannot be resolved, the
  filter is never installed and ItemService requests are not restricted.
  Verify the registration after each deployment.
-->
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
  <sitecore>
    <services>
      <!-- Makes the filter available to the service container under its own type. -->
      <register
        serviceType="Headless.ItemService.RestrictDatabaseActionFilter, Headless"
        implementationType="Headless.ItemService.RestrictDatabaseActionFilter, Headless" />
    </services>
    <pipelines>
      <initialize>
        <!--
          resolve="true" has Sitecore build the processor through the service
          container, which is how its constructor arguments are supplied.
        -->
        <processor
          type="Headless.ConfigureActionFilters, Headless"
          resolve="true" />
      </initialize>
    </pipelines>
  </sitecore>
</configuration>
The code looks to achieve its purpose ;)
Comments:
An action filter executes quite late in the request processing. Controllers have been selected, model binding has occurred etc. Consider using a delegating handler, this is pure middleware capable of dealing with the request much earlier.
Not a fan of using a pipeline processor for start-up registration activities. We have OWIN now; would this be a better fit going forward?