UmbracoFileSystemProviders.Azure
UmbracoFileSystemProviders.Azure copied to clipboard
umbraco-community
Adding a couple of events. Want to discuss need.
I've been thinking about extending the filesystemprovider for a long time so that we could do some security checks with custom security settings in the media section. I know HQ (Shaz) wants security checks to be in the media service, but if you know the URL you won't go through that service. If we introduce a couple of events, either in the virtual path provider (prefd) or in the filesystemprovider, we could make another package that hooks into get file and throws a 403 status if the client isn't authorized to read the file. We really really need this for a few clients, so I'm quite biased about this. :) Any thoughts?
Could you describe the use case?
I guess there's be no harm if it was just a couple of events. An extra granularity of control is usually welcome.
A lot of our customers wants to secure some files, and it would be nice to be able to support that within the "core" CMS. The only way as I see it now is to call out from the "get file" methods and let the rest be cancellable. Either pass the request object as a parameter, or pass a ref. to an event object that has info about how to proceed. If a plugin says stop, you stop. The security plugin could check whether the user has access to any media with the given path in the umbracoFile property, and cancel processing / response if not. Of course all media would have to go through the virtual path provider, but with the work you've done now, everything will or nothing will. If you want security, you'll need everything passed through a proxy anyway, so it's the perfect fit. :)
I'll see about making a prototype and add the events to my fork as soon as I've got "head above water". :)