Gravatar for loebrandy@gmail.com

Question by rloeb, Nov 7, 2016 11:23 AM

Re: Coveo for Sitecore 4.0 & HtmlContentInBodyWithRequestsProcessor update

We have Sitecore items for which we want to use HtmlContentInBodyWithRequestsProcessor but these items are not viewable by anonymous users.

We discovered this ideas page https://coveo.ideas.aha.io/ideas/CID-I-306 with a Mar 7 2016 comment suggesting the http client approach is being dropped.

  1. Will this solve our problem, i.e. allow for indexing of html sitecore-rendered items behind security (any limitations?)
  2. What is status, eta?
  3. Is there any possibility that the approach/code could be shared with us for sooner use?

As an aside, we seem to have found code samples to have sitecore render an item as html via its own pipeline, but all of these approaches seem to require an httpcontext which isn't present in the coveoPostItemProcessingPipeline.

Thanks

1 Reply
Gravatar for sbelzile@coveo.com

Answer by Sébastien Belzile, Nov 7, 2016 12:42 PM

The HtmlContentInBodyWithRequestsProcessor processor is still the OOTB approach, and dropping this approach has been indeed investigated (by myself during a hackathon). The code is not yet working and is still in a POC state. It is not planned on attacking this issue in the near futur.

To answer your questions:

  1. This would index HTML content of protected items. There are bad side-effects to consider: let's say you are indexing a public LINQ based search page which queries using securities. Protected items could show up in public quickviews.
  2. As I mentioned above, the POC code is not yet working, The C4SC team is not working on it.
  3. Sure:

I was looking at the ItemWebApi which is not enabled by default in Sitecore. This API has a call to retrieve an item's HTML content "GetRenderingHtml". Having an OOTB processor that uses this API is not the best way to proceed => the processor would need to handle security, the API is not enabled by default, etc. (you could try this approach if you want to).

I decompiled Sitecore dlls to see how it works behind the scenes: the code runs the "getRenderingPreview" pipeline. This is what I have been trying to call in my code.

There are quite some steps to do in the processor:

  1. You need the Sitecore DB which contains your item. (you have the indexableItem in the arguments, args.Item.Item returns the Sitecore Item, args.Item.Item.Database returns the Sitecore DB).
  2. Language matters (args.Item.Item.Language returns it).
  3. You need to retrieve the rendering item, if any. (args.Item.Item.Visualization.GetRenderings(DEVICE, false(?))) ??? .RenderingID.ToString() (language goes in there somewhere). (DEVICE is a Sitecore device (I would try using the default device (Don't know how to retrieve it => use google :-) ))).
  4. Then, you can build the pipeline arguments + run the pipeline.
  5. set the data (p_Args.CoveoItem.BinaryData = GetBytes(renderingPreviewArgs.Result); ???)

Unknowns:

  • does it works MVC + webform?
  • is the retrieved data similar/same as what is being retrieved by the HtmlContentInBodyWithRequestsProcessor processor.
  • undesired side-effects?

Pros:

  • improved indexing performances: much faster doing such a thing than performing REST calls.

If you do try to implement this, sharing the code with us would be appreciated + you might get it OOTB faster.

Gravatar for loebrandy@gmail.com

Comment by rloeb, Nov 7, 2016 1:30 PM

I was looking at some derivation of http://www.hhogdev.com/blog/2012/december/mvc-webforms.aspx which uses the PipelineService:

PipelineService.Get().RunPipeline<RenderRenderingArgs>("mvc.renderRendering",new RenderRenderingArgs(_rendering, output));

Also, why do you suggest this?

Protected items could show up in public quickviews.

Does coveo track item security separately than quickview? Won't the item's security still be respected even if we use a webclient to get an html preview?

Gravatar for sbelzile@coveo.com

Comment by Sébastien Belzile, Nov 7, 2016 2:01 PM

I think this approach you looked at would not work with webform pages, but it might be worth trying.

Does the code above allows you to retrieve protected content?

If the answer is yes => inject the binary content => no security concerns

If not => you have to retrieve the data with a "false" user identity. How can you tell which item has to be retrieve with which ID? You cannot retrieve every items as sitecore/admin => LINQ based search will return content viewable by sitecore/admin on extranet/anonymous accessible pages => security concerns in quickviews.

Ask a question