Throw a 403 error if a Container is requested

JeremyCaney · JeremyCaney · commit d03acc10e1d5 · 2020-08-20T19:10:02.000-07:00
`Container` topics are topics used to help organize topics. They are not meant to be viewed directly, and are not expected to have pages associated with them. In a recent update, we excluded `Container` topics from the `Sitemap` (87b6d1b), so they shouldn't be referenced, but they may still be discoverable as interstitial folders.
diff --git a/OnTopic.AspNetCore.Mvc/ValidateTopicAttribute.cs b/OnTopic.AspNetCore.Mvc/ValidateTopicAttribute.cs
@@ -116,6 +116,17 @@ public override void OnActionExecuting(ActionExecutingContext filterContext) {
         return;
       }
 
+      /*------------------------------------------------------------------------------------------------------------------------
+      | Handle containers
+      >-------------------------------------------------------------------------------------------------------------------------
+      | Like nested topics, containers are not expected to be viewed directly; if a user requests a container, return a 403 to
+      | indicate that the request is valid, but forbidden. Unlike nested topics, children of containers are potentially valid.
+      \-----------------------------------------------------------------------------------------------------------------------*/
+      if (currentTopic.ContentType == "Container") {
+        filterContext.Result = new StatusCodeResult(403);
+        return;
+      }
+
       /*------------------------------------------------------------------------------------------------------------------------
       | Handle page groups
       >-------------------------------------------------------------------------------------------------------------------------
