Any Sitecore Client user is capable of performing boost and kick operations after the maximum number of allowed users has been reached. However, only users that have administrator rights should be able to add and kick users.
To prevent non-administrator users from using the boost feature, you can apply the following customization option. Note that the code samples are given only as a starting point.
namespace Sitecore.Support.Client.LicenseOptions.Controllers { public class BoostUsersController : Controller { [HttpGet] public void RedirectToBoost() { if (!Context.User.IsAuthenticated || !Context.User.IsAdministrator) { base.Response.StatusCode = 401; } else { base.Response.Redirect(GetBoostUrl(), endResponse: true); } } protected string GetBoostUrl() { ... } } }
namespace Sitecore.Support.Mvc.Pipelines.Initialize { internal class InitializeRedirectToBoostRoute { public virtual void Process(PipelineArgs args) { Assert.ArgumentNotNull(args, "args"); this.RegisterRoutes(RouteTable.Routes, args); } protected virtual void RegisterRoutes(RouteCollection routes, PipelineArgs args) { string[] namespaces = new string[] { "Sitecore.Support.Client.LicenseOptions.Controllers" }; routes.MapRoute("RouteName", "api/sitecore/BoostUsers/{action}", new { controller = "BoostUsers", action = "RedirectToBoost", id = UrlParameter.Optional }, namespaces); } } }
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/" xmlns:role="http://www.sitecore.net/xmlconfig/role/">
<sitecore role:require="Standalone or ContentManagement or XMCloud"> <pipelines> <initialize> <processor type="Sitecore.Support.Mvc.Pipelines.Initialize.InitializeRedirectToBoostRoute, YourAssemblyName" patch:before="processor[@type='Sitecore.Mvc.Pipelines.Initialize.InitializeCommandRoute, Sitecore.Speak.Client']"/> </initialize>
</pipelines> </sitecore> </configuration>