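/// <summary>
/// Parses the query submitted in the request body, checks that the caller is
/// authorized to search the query's target data type, and executes the search.
/// </summary>
/// <param name="body">Request body carrying the query text and the requested result format.</param>
/// <returns>
/// 400 when the body is missing, the query is blank or fails to parse;
/// 401 when the authorization module denies the caller; otherwise the search result.
/// </returns>
public async Task <IActionResult> Search([FromBody] SearchBody body)
        {
            if (body == null)
            {
                return(BadRequest("No search body submitted"));
            }

            var query = body.Query;

            // Reject an absent or blank query up front instead of handing it to the parser.
            if (string.IsNullOrWhiteSpace(query))
            {
                return(BadRequest("No query specified"));
            }

            DataApiSqlQuery parsedQuery;

            try
            {
                parsedQuery = DataApiSqlQueryParser.Parse(query);
            }
            catch (FormatException formatException)
            {
                // The parser's message is returned to the client unchanged; it is
                // assumed to describe only the malformed query - confirm in the parser.
                return(BadRequest(formatException.Message));
            }

            // The FROM target of the parsed query is the resource the caller must be authorized for.
            var dataType = parsedQuery.FromArguments;

            // Authorize
            // NOTE(review): Identity.Name is null for an unauthenticated principal; whether
            // Normalize tolerates that is not visible here - confirm.
            var loggedInUsername    = UsernameNormalizer.Normalize(HttpContext.User.Identity.Name);
            var resourceDescription = new SearchResourceDescription(dataType);
            var authorizationResult = await authorizationModule.AuthorizeAsync(resourceDescription, loggedInUsername);

            if (!authorizationResult.IsAuthorized)
            {
                // NOTE(review): 401 is sent for a denied caller; 403 Forbidden is the conventional
                // code once the caller is identified - check clients before changing it.
                return(StatusCode((int)HttpStatusCode.Unauthorized, "Not authorized"));
            }

            // The query text is user-supplied; line breaks are stripped so a single
            // request cannot produce more than one log line.
            apiEventLogger.Log(LogLevel.Info, $"User '{authorizationResult.User.UserName}' submitted query '{query.RemoveLineBreaks()}'");
            return(await SearchExecutor.PerformSearch(dataRouter, query, body.Format));
        }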
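        /// <summary>
        /// Executes a stored view: resolves it by id, substitutes the request's query-string
        /// parameters into the view's query, checks the caller's authorization for the
        /// resulting collection, and runs the search in the requested result format.
        /// </summary>
        /// <param name="viewId">Identifier of the stored view to execute.</param>
        /// <param name="resultFormat">Optional name of a <see cref="ResultFormat"/> member; Json when omitted.</param>
        /// <returns>
        /// 400 when the view id is missing, the result format is not a defined member, or
        /// parameter insertion fails; 404 when no view exists for the id; 401 when
        /// authorization is denied; otherwise the search result.
        /// </returns>
        public async Task <IActionResult> Get([FromQuery] string viewId, [FromQuery] string resultFormat)
        {
            // Validate
            if (string.IsNullOrEmpty(viewId))
            {
                return(BadRequest("View-ID not specified"));
            }

            var resultFormatEnum = ResultFormat.Json;

            // Enum.TryParse also accepts numeric strings that correspond to no member,
            // so the parsed value is additionally checked against the defined members.
            if (resultFormat != null
                && (!Enum.TryParse(resultFormat, out resultFormatEnum)
                    || !Enum.IsDefined(typeof(ResultFormat), resultFormatEnum)))
            {
                var validResultFormats = string.Join(", ", Enum.GetNames(typeof(ResultFormat)));
                return(BadRequest($"Invalid output format '{resultFormat}'. Allowed values: {validResultFormats}"));
            }

            var view = await viewManager.GetView(viewId);

            if (view == null)
            {
                return(NotFound());
            }

            string parameterInsertedQuery;

            try
            {
                // Query-string values are substituted into the stored query; escaping of
                // those values is the inserter's responsibility and is not visible here.
                parameterInsertedQuery = QueryParameterInserter.InsertParameters(view.Query, QueryCollectionToDictionary(Request.Query));
            }
            catch (FormatException formatException)
            {
                return(BadRequest(formatException.Message));
            }

            // Authorize
            // NOTE(review): Identity.Name is null for an unauthenticated principal; whether
            // Normalize tolerates that is not visible here - confirm.
            var loggedInUsername    = UsernameNormalizer.Normalize(HttpContext.User.Identity.Name);
            // The collection is derived from the query as it will actually run, i.e. after
            // parameter insertion, so authorization covers the substituted query.
            var dataType            = DetermineViewCollection(parameterInsertedQuery);
            var resourceDescription = new GetViewResourceDescription(dataType);
            var authorizationResult = await authorizationModule.AuthorizeAsync(resourceDescription, loggedInUsername);

            if (!authorizationResult.IsAuthorized)
            {
                // NOTE(review): 401 is sent for a denied caller; 403 Forbidden is the conventional
                // code once the caller is identified - check clients before changing it.
                return(new ContentResult
                {
                    Content = "Not authorized",
                    ContentType = "text/plain",
                    StatusCode = (int)HttpStatusCode.Unauthorized
                });
            }
            return(await SearchExecutor.PerformSearch(dataRouter, parameterInsertedQuery, resultFormatEnum));
        }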