public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next) { DisableQueryAttribute disableQueryAttribute = context.Controller.GetType().GetCustomAttribute <DisableQueryAttribute>(); _queryStringReader.ReadAll(disableQueryAttribute); await next(); }
/// <inheritdoc/> public virtual void Parse(DisableQueryAttribute disableQueryAttribute) { disableQueryAttribute ??= DisableQueryAttribute.Empty; foreach (var pair in _queryStringAccessor.Query) { if (string.IsNullOrEmpty(pair.Value)) { throw new InvalidQueryStringParameterException(pair.Key, "Missing query string parameter value.", $"Missing value for '{pair.Key}' query string parameter."); } var service = _queryServices.FirstOrDefault(s => s.CanParse(pair.Key)); if (service != null) { _logger.LogDebug($"Query string parameter '{pair.Key}' with value '{pair.Value}' was accepted by {service.GetType().Name}."); if (!service.IsEnabled(disableQueryAttribute)) { throw new InvalidQueryStringParameterException(pair.Key, "Usage of one or more query string parameters is not allowed at the requested endpoint.", $"The parameter '{pair.Key}' cannot be used at this endpoint."); } service.Parse(pair.Key, pair.Value); _logger.LogDebug($"Query string parameter '{pair.Key}' was successfully parsed."); } else if (!_options.AllowCustomQueryStringParameters) { throw new InvalidQueryStringParameterException(pair.Key, "Unknown query string parameter.", $"Query string parameter '{pair.Key}' is unknown. Set '{nameof(IJsonApiOptions.AllowCustomQueryStringParameters)}' to 'true' in options to ignore unknown parameters."); } } }
/// <summary> /// For a query parameter in <paramref name="query"/>, calls /// the <see cref="IQueryParameterService.Parse(KeyValuePair{string, Microsoft.Extensions.Primitives.StringValues})"/> /// method of the corresponding service. /// </summary> public virtual void Parse(IQueryCollection query, DisableQueryAttribute disabled) { var disabledQuery = disabled?.QueryParams; foreach (var pair in query) { bool parsed = false; foreach (var service in _queryServices) { if (pair.Key.ToLower().StartsWith(service.Name, StringComparison.Ordinal)) { if (disabledQuery == null || !IsDisabled(disabledQuery, service)) { service.Parse(pair); } parsed = true; break; } } if (parsed) { continue; } if (!_options.AllowCustomQueryParameters) { throw new JsonApiException(400, $"{pair} is not a valid query."); } } }
public ModelAttributesInfo(Type modelType) { QueryAuthAttributes = GetAuthAttributesOfClassOrDirectTopClass <QueryAuthAttribute>(modelType); QueryEntryAuthAttributes = GetAuthAttributesOfClassOrDirectTopClass <QueryEntryAuthAttribute>(modelType); UpdateAuthAttributes = GetAuthAttributesOfClassOrDirectTopClass <UpdateAuthAttribute>(modelType); DeleteAuthAttributes = GetAuthAttributesOfClassOrDirectTopClass <DeleteAuthAttribute>(modelType); CreateAuthAttributes = GetAuthAttributesOfClassOrDirectTopClass <CreateAuthAttribute>(modelType); CreateEventAttributes = GetHookAttributeOfClassAndTopClasses <CreateEventAttribute>(modelType); UpdateEventAttributes = GetHookAttributeOfClassAndTopClasses <UpdateEventAttribute>(modelType); DeleteEventAttributes = GetHookAttributeOfClassAndTopClasses <DeleteEventAttribute>(modelType); QueryAttributes = GetQueryAttributes(modelType); UpdateableAttribute = modelType.GetCustomAttribute <UpdateableAttribute>(false); DisableAutoMergeAttribute = modelType.GetCustomAttribute <DisableAutoMergeAttribute>(false); DisableCreateAttribute = modelType.GetCustomAttribute <DisableCreateAttribute>(true); DisableUpdateAttribute = modelType.GetCustomAttribute <DisableUpdateAttribute>(true); DisableDeleteAttribute = modelType.GetCustomAttribute <DisableDeleteAttribute>(true); DisableQueryAttribute = modelType.GetCustomAttribute <DisableQueryAttribute>(true); }
/// <inheritdoc/> public virtual void ReadAll(DisableQueryAttribute disableQueryAttribute) { disableQueryAttribute ??= DisableQueryAttribute.Empty; foreach (var(parameterName, parameterValue) in _queryStringAccessor.Query) { if (string.IsNullOrEmpty(parameterValue)) { throw new InvalidQueryStringParameterException(parameterName, "Missing query string parameter value.", $"Missing value for '{parameterName}' query string parameter."); } var reader = _parameterReaders.FirstOrDefault(r => r.CanRead(parameterName)); if (reader != null) { _logger.LogDebug( $"Query string parameter '{parameterName}' with value '{parameterValue}' was accepted by {reader.GetType().Name}."); if (!reader.IsEnabled(disableQueryAttribute)) { throw new InvalidQueryStringParameterException(parameterName, "Usage of one or more query string parameters is not allowed at the requested endpoint.", $"The parameter '{parameterName}' cannot be used at this endpoint."); } reader.Read(parameterName, parameterValue); _logger.LogDebug($"Query string parameter '{parameterName}' was successfully read."); } else if (!_options.AllowUnknownQueryStringParameters) { throw new InvalidQueryStringParameterException(parameterName, "Unknown query string parameter.", $"Query string parameter '{parameterName}' is unknown. " + $"Set '{nameof(IJsonApiOptions.AllowUnknownQueryStringParameters)}' to 'true' in options to ignore unknown parameters."); } } }
/// <inheritdoc/> public bool IsEnabled(DisableQueryAttribute disableQueryAttribute) { return(!disableQueryAttribute.ContainsParameter(StandardQueryStringParameters.Fields)); }
/// <inheritdoc/> public bool IsEnabled(DisableQueryAttribute disableQueryAttribute) { return(_options.AllowQueryStringOverrideForSerializerDefaultValueHandling && !disableQueryAttribute.ContainsParameter(StandardQueryStringParameters.Defaults)); }
public bool IsEnabled(DisableQueryAttribute disableQueryAttribute) { return(!disableQueryAttribute.ParameterNames.Contains(_skipCacheParameterName.ToLowerInvariant())); }
/// <inheritdoc/> public bool IsEnabled(DisableQueryAttribute disableQueryAttribute) { return(true); }