public DynamicEntityOperationInfoModel(
[NotNull] ModelDefinition modelDefinition,
[CanBeNull] DynamicEntities.DynamicEntity dynamicEntity = null,
[CanBeNull] DynamicQueryGroup filterGroup = null)
{
ModelDefinition = modelDefinition;
DynamicEntity = dynamicEntity;
FilterGroup = filterGroup;
}
public virtual IQueryable <T> ExecuteDynamicQuery <T>(IQueryable <T> query, DynamicQueryGroup group) where T : class
{
if (group == null || (group.Conditions.IsNullOrEmpty() && group.Groups.IsNullOrEmpty()))
{
return(query);
}
int index = 0;
var whereClause = GenerateWhereClause(group, ref index);
var lstValues = new List <object>();
group.Travel((_, condition) => lstValues.Add(condition.Value));
return(query.Where(whereClause, lstValues.ToArray()));
}
public static void Travel(this DynamicQueryGroup group,
Action <DynamicQueryGroup, DynamicQueryCondition> conditionAction
)
{
if (!group.Conditions.IsNullOrEmpty())
{
foreach (var condition in group.Conditions)
{
conditionAction(group, condition);
}
}
if (!group.Groups.IsNullOrEmpty())
{
foreach (var subGroup in group.Groups)
{
Travel(subGroup, conditionAction);
}
}
}
protected virtual string GenerateWhereClause(DynamicQueryGroup group, ref int index)
{
var lstConditions = new List <string>();
if (!group.Conditions.IsNullOrEmpty())
{
foreach (var condition in group.Conditions)
{
lstConditions.Add(ConvertToCondition(condition, index++));
}
}
if (!group.Groups.IsNullOrEmpty())
{
foreach (var subGroup in group.Groups)
{
lstConditions.Add(GenerateWhereClause(subGroup, ref index));
}
}
return($"({lstConditions.JoinAsString(group.Type == GroupType.Add ? " && " : " || ")})");
}
public async Task ShouldPreventSqlInjection()
{
await WithUnitOfWorkAsync(async() =>
{
// Arrange
var filters = new DynamicQueryGroup
{
Type = GroupType.And,
Conditions = new List <DynamicQueryCondition>
{
new DynamicQueryCondition {
FieldName = "a", Operator = DynamicQueryOperator.Contain, Value = "1 OR 1 = 1; --"
}
}
};
// Act
var output = await(await _dynamicEntityRepository.ExecuteDynamicQueryAsync(filters)).ToListAsync();
// Assert
output.Count.ShouldBe(0);
});
}
public async Task ShouldGetQueryByListFilter()
{
await WithUnitOfWorkAsync(async() =>
{
// Arrange
var filters = new DynamicQueryGroup
{
Type = GroupType.And,
Conditions = new List <DynamicQueryCondition>
{
new DynamicQueryCondition {
FieldName = "price", Operator = DynamicQueryOperator.GreaterOrEqual, Value = 200
}
},
};
// Act
var output = await(await _dynamicEntityRepository.ExecuteDynamicQueryAsync(filters)).ToListAsync();
// Assert
output.Count.ShouldBe(1);
output[0].GetProperty("Name", "Book2");
});
}
public IQueryable <DynamicEntity> ExecuteDynamicQuery(DynamicQueryGroup group)
{
return(_dynamicQueryHelper.ExecuteDynamicQuery(DbSet.AsQueryable(), group));
}
public virtual async Task <IQueryable <DynamicEntity> > ExecuteDynamicQueryAsync(DynamicQueryGroup group)
{
return(_dynamicQueryHelper.ExecuteDynamicQuery((await GetDbSetAsync()).AsQueryable(), group));
}
