V15: Notification Hub

[nikolajlauridsen]

Creates a SignalR hub that relays server events to the backoffice frontend.

Terminology

• ServerEvent - Some event that has happened on the server, the default events map to the notifications
• EventSource - The source of the event, I.E. "Document", "Media", etc. this is just a string and can be anything
• EventType - The type of event, for instance, Created, Deleted, etc. This is also just a string and can be anything
• Routing - In the context of server events routing means ensuring that the event gets to the connections which are authorized for it.

Details

Each event consists of:

• EventType
• EventSource
• Key - The key of the entity the event is about

These default events are

• Created
• Updated
• Deleted
• Trashed

The events come from a single hub using a single method notify. Upon connecting, the user is authorized to receive certain events. This means that users with only DocumentTreeAccess will only see document events, and so on.

Additionally, it's also possible to notify a specific user. This still goes through the notify method and notifies all the users' connections. It is used to notify a specific user that they've been updated.

Events are routed using the "group" concept in SignalR, every event source is its own group. An IEventSourceAuthorizer is then used to authorize a user (using a ClaimsPrincipal) for one or more event sources (groups), if a user is approved it's added to the group. This means that an authorizer is required for each event source for the routing to be used. If authorization is not required the IServerEventRouter.BroadcastEventAsync method can instead be used, this sends the event to all connected users.

If a user is updated, the authorization is re-run ensuring that any permission changes are reflected in the event routing.

This means to extend this you must:

1. Implement an IEventSourceAuthorizer
2. Add it to the EventSourceAuthorizerCollection
3. Create and route an event using IServerEventRouter.RouteEventAsync, this can be done from anywhere, but a notification handler is an ideal place

If you want to authorize using a standard .Net Core policy you can use the EventSourcePolicyAuthorizer abstract class, and specify which event sources should be authorized using which policy.

Note that the event source authorized by the IEventSourceAuthorizer must be the same as the one your ServeEvent for the event to be routed anywhere

Example of adding event authorizer

private static IUmbracoBuilder AddAuthorizers(this IUmbracoBuilder builder)
    {
        builder.EventSourceAuthorizers()
            .Append<DocumentEventAuthorizer>();
        return builder;
    }

Testing

• Extract this zip file in you wwwroot folder: js.zip
• Create a simple content node
• In the template for the content node add the following HTML:

@using Umbraco.Cms.Web.Common.PublishedModels;
@inherits Umbraco.Cms.Web.Common.Views.UmbracoViewPage
@{
	Layout = null;
}

<div class="container">
    <h1>Messages:</h1>
    <div class="row p-1">
        <div class="col-6">
            <ul id="messagesList"></ul>
        </div>
    </div>
</div>
<script src="~/js/signalr/dist/browser/signalr.js"></script>
<script src="~/js/event.js"></script>

• Login to the backoffice
• Copy your auth token:
  
• Replace YOUR-ACCESS-TOKEN-HERE with that token in the wwwroot/js/event.js file
• Go the the front page (or hard reset it)
• A SignalR connection should now be active
• Do actions like creating, updating, deleting, content, media, data types, etc. and verify that they're displayed on the front page

Note: The auth token is short lived, so it may expire

[Migaroez]

Relations also exist for media

[nikolajlauridsen]

Should we then require both TreeAccessDocuments and TreeAccessMediaOrMediaType? Or neither? What do you suggest? :)

[Migaroez]

Since we don't have notifications for specific relations and both the parent/child can be of any entity type that supports them, I think we should probably use TreeAccessDocumentsOrMediaOrMembersOrContentTypes

[nikolajlauridsen]

Great point, I've updated that 😄