Every client user can add and kick users


Description

Any Sitecore Client user is capable of performing boost and kick operations after the maximum number of allowed users has been reached. However, only users that have administrator rights should be able to add and kick users.

Solution

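To prevent non-administrator users from using the boost feature, you can apply the following customization. Note that the code samples are given only as a starting point: the body of GetBoostUrl is omitted, and the controller shown guards only the boost redirect (the RedirectToBoost action).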

  1. Create a custom BoostUsersController class:
    namespace Sitecore.Support.Client.LicenseOptions.Controllers
    {
        /// <summary>
        /// MVC controller that puts a server-side administrator check in front of the
        /// boost redirect.
        /// </summary>
        public class BoostUsersController : Controller
        {
            /// <summary>
            /// Redirects to the boost URL when the context user is both authenticated and
            /// an administrator; in every other case only the 401 status code is set.
            /// </summary>
            /// <remarks>
            /// NOTE(review): the same 401 is sent to anonymous callers and to authenticated
            /// non-administrators. 403 is the conventional status for the latter; confirm
            /// what the client UI expects before changing it. Denied calls are not logged
            /// here; consider adding an audit entry if these attempts should be detectable.
            /// </remarks>
            [HttpGet]
            public void RedirectToBoost()
            {
                bool callerIsAdmin = Context.User.IsAuthenticated && Context.User.IsAdministrator;

                if (callerIsAdmin)
                {
                    // endResponse: true ends the response as soon as the redirect is issued.
                    Response.Redirect(GetBoostUrl(), endResponse: true);
                    return;
                }

                // Fail closed: anything other than an authenticated administrator is refused.
                Response.StatusCode = 401;
            }

            /// <summary>Returns the URL that <see cref="RedirectToBoost"/> redirects to.</summary>
            /// <remarks>
            /// The body is elided in the article. The method is protected, so it is not an
            /// MVC action and cannot be reached through the {action} route segment.
            /// NOTE(review): the returned value goes straight into Response.Redirect, so it
            /// should be built from trusted configuration, not from request data (confirm).
            /// </remarks>
            protected string GetBoostUrl()
            { ... }
        }
    }
  2. Create a custom InitializeRedirectToBoostRoute class:
    namespace Sitecore.Support.Mvc.Pipelines.Initialize
    {
        /// <summary>
        /// Pipeline processor that maps the api/sitecore/BoostUsers route to the
        /// BoostUsers controller in the Sitecore.Support namespace.
        /// </summary>
        internal class InitializeRedirectToBoostRoute
        {
            /// <summary>
            /// Processor entry point: rejects a null <paramref name="args"/> and then
            /// registers the route in the global <c>RouteTable.Routes</c> collection.
            /// </summary>
            /// <param name="args">Pipeline arguments, passed through to RegisterRoutes.</param>
            public virtual void Process(PipelineArgs args)
            {
                Assert.ArgumentNotNull(args, "args");
                RegisterRoutes(RouteTable.Routes, args);
            }

            /// <summary>Adds the BoostUsers route to <paramref name="routes"/>.</summary>
            /// <param name="routes">Route collection that receives the new route.</param>
            /// <param name="args">Pipeline arguments; not read by this implementation.</param>
            protected virtual void RegisterRoutes(RouteCollection routes, PipelineArgs args)
            {
                // The {action} segment is caller-controlled, so every public action method on
                // the matched controller is reachable through this URL. Keep helper methods
                // on that controller non-public.
                var routeDefaults = new
                {
                    controller = "BoostUsers",
                    action = "RedirectToBoost",
                    id = UrlParameter.Optional
                };

                // Namespace hint, presumably so MVC resolves "BoostUsers" to the custom
                // controller rather than to a stock controller of the same name (confirm).
                string[] controllerNamespaces = { "Sitecore.Support.Client.LicenseOptions.Controllers" };

                // NOTE(review): "RouteName" looks like a placeholder. Route names must be
                // unique within the collection; choose a descriptive one.
                routes.MapRoute("RouteName", "api/sitecore/BoostUsers/{action}", routeDefaults, controllerNamespaces);
            }
        }
    }
  3. Build the created classes into an assembly.
  4. Put the assembly into the \bin folder of the website.
  5. Add the custom processor to the configuration by creating a configuration patch file in the \App_Config\Include\zzz folder:
    <?xml version="1.0" encoding="utf-8"?>
    <configuration xmlns:patch="http://www.sitecore.net/xmlconfig/" xmlns:role="http://www.sitecore.net/xmlconfig/role/">
    <!--
      Adds InitializeRedirectToBoostRoute to the initialize pipeline.
      * role:require applies the patch only on Standalone, ContentManagement or XMCloud roles.
      * "YourAssemblyName" is a placeholder: replace it with the name of the assembly built in step 3.
      * patch:before inserts the processor ahead of InitializeCommandRoute (Sitecore.Speak.Client),
        presumably so that the custom route is registered before the stock one (confirm).
      After deployment, check that a non-administrator request to api/sitecore/BoostUsers/RedirectToBoost
      receives the 401 status and not the redirect.
    -->
    <sitecore role:require="Standalone or ContentManagement or XMCloud"> <pipelines> <initialize> <processor type="Sitecore.Support.Mvc.Pipelines.Initialize.InitializeRedirectToBoostRoute, YourAssemblyName" patch:before="processor[@type='Sitecore.Mvc.Pipelines.Initialize.InitializeCommandRoute, Sitecore.Speak.Client']"/> </initialize>
    </pipelines> </sitecore> </configuration>