This project is read-only.


Topics: Core
Nov 22, 2013 at 8:42 PM
Was thinking about the default route we have /Contents/Item/Display/{id} that is letting users access some content items based on their id.

Sometime you might still want to allow it for some content items. What I suggest is to revive Routable and have the route only work for content items which have this part.

The implementation would be to direct this specific route to a custom new action in the Contents controller and would do the check before calling the current one. I still have to check whether this is a specific route today or the generic {area}/{controller}/{action}/{id} one

Opinion ?
Nov 22, 2013 at 9:04 PM
I've personally never had the requirement to prevent content from being accessed using the default route, but it does make sense to disable that by default, and have RoutablePart add that option. Would it be useful to even have a Part level setting that contains the route values (action, controller, area, additional route values, tokenized) and Type/Part level settings to customize it even per type? The default setting would be pointing to the Item controller in the Contents module.
A use case could be that I have a custom module that I want to handle serving the content. Not concrete enough, and my suggestion might be a bit over engineered, but perhaps you or others see a potential benefit.
Nov 22, 2013 at 10:01 PM
I'm not sure I like the idea of preventing items to be accessible from the frontend by default. That's it, I don't have any particular argument, just it fells better to have default routes and let permissions do any access control if there should be some (I understand the reason is not security here but it would also seem as a security feature, what it kind of is, but in an abusable way).

I'd do what I've done with this filter, but in ItemController: check if the current URL is the one that the item should be under, and if not, redirect. This would cure any duplicate content issues.
Nov 23, 2013 at 3:13 PM
Would be nice to avoid discovering that google has indexed the items you forget to protect with content item management part and that all internet is accessing an information you believe hidden... but in fact shouldn't this suffering the same constraints as adding the Content Item Management part to items we want to protect ? Or I missed something ?