However, with a simple extension to Sitecore, we could overcome this challenge.
The idea is to create a new role and set the security settings of the role to allow read access and deny all other permissions of all the content items. If the current requests context site is “shell” and the content database is web (meaning that the current user is logged into Sitecore and requesting the web database items), then the current user should have assigned the role.
By adding a new processer into the HttpRequst pipeline it is simple to do these checks.
First, what we want to do is to create the new role and assign the read permission to “allow”, all other permissions to “denied” and allow inheritance of the permissions at the top level of the content item in Sitecore. In this case, I have created a role named “WebDBReader”.
Next step is to create the code checking for the current request:
using Sitecore.Pipelines.HttpRequest; namespace MySitecoreExtensions.Pipelines.HttpRequestBegin { public class AssignWebReaderRole : HttpRequestProcessor { public override void Process(HttpRequestArgs args) { // If there is no context, we are not in a request from a web browser. if (args == null || args.Context == null) { // So we return. return; } //If the site not shell, the user is not logged into Sitecore if (!Sitecore.Context.GetSiteName().ToLower().Equals("shell")) { return; } if (args.LocalPath.ToLower().Equals("/keepalive.aspx")) { return; } if (!string.IsNullOrEmpty(args.Context.Request.QueryString["sc_content"]) && args.Context.Request.QueryString["sc_content"].ToLower().Equals("web")) { if (!Sitecore.Context.User.IsInRole("sitecore\\WebDBReader")) { Sitecore.Context.User.Roles.Add(Sitecore.Security.Accounts.Role.FromName("sitecore\\WebDBReader")); } return; } else { if (Sitecore.Context.User.IsInRole("sitecore\\WebDBReader")) { Sitecore.Context.User.Roles.Remove(Sitecore.Security.Accounts.Role.FromName("sitecore\\WebDBReader")); } return; } } } }
Finally, we add the extension in the HttpRequest pipeline. It is important to add the processor after the DatabaseResolver has finished:
<httpRequestBegin> ... <processor type="Sitecore.Pipelines.HttpRequest.UserResolver, Sitecore.Kernel" /> <processor type="Sitecore.Pipelines.HttpRequest.DatabaseResolver, Sitecore.Kernel" /> <processor type="MySitecoreExtensions.Pipelines.HttpRequestBegin.AssignWebReaderRole, MySitecoreExtensions" /> <processor type="Sitecore.Pipelines.HttpRequest.BeginDiagnostics, Sitecore.Kernel" /> ... </httpRequestBegin>
And, there
you have it. Now the authors would be able to navigate through the items in the
web database, without being able to change the content. And still have their default
security settings when navigating through the items of the master database.
No comments:
Post a Comment