private static string GetSelectExpression(DatabaseType dbType, RelationSecurityPathItem n)
{
if (n.IsClassifier)
{
return($"c{n.JoinOrder}.{SqlQuerySyntaxHelper.EscapeEntityName(dbType, n.AttributeName)}");
}
var fieldName = dbType == DatabaseType.Postgres ? $"\"{n.RelContentId}\"" : $"'{n.RelContentId}'";
var castToInt = dbType == DatabaseType.Postgres ? "::integer" : string.Empty;
return(n.LinkId.HasValue
? $"{SqlQuerySyntaxHelper.DbSchemaName(dbType)}.qp_link_ids({n.LinkId}{castToInt}, c{n.JoinOrder}.CONTENT_ITEM_ID{castToInt}, {SqlQuerySyntaxHelper.ToBoolSql(dbType, true)}) as {fieldName}"
: $"{SqlQuerySyntaxHelper.CastToString(dbType, $"c{n.Order}.content_item_id")} as {fieldName}");
}
public static string GetActionPermissionsAsQuery(QPModelDataContext context, decimal userId)
{
var databaseType = DatabaseTypeHelper.ResolveDatabaseType(context);
var actionSecQuery = GetPermittedItemsAsQuery(context,
userId,
startLevel: 0,
endLevel: 100,
entityTypeName: "BACKEND_ACTION"
);
var entitySecQuery = GetEntityPermissionAsQuery(context, userId);
var query = $@"
select AP.BACKEND_ACTION_ID, COALESCE(AP.PERMISSION_LEVEL, EP.PERMISSION_LEVEL, 0) AS PERMISSION_LEVEL from
(select L.PERMISSION_LEVEL AS PERMISSION_LEVEL, T.ID AS BACKEND_ACTION_ID, T.ENTITY_TYPE_ID FROM
({actionSecQuery}) P1
LEFT JOIN backend_action_access_permlevel P2 ON P1.BACKEND_ACTION_ID = P2.BACKEND_ACTION_ID and P1.permission_level = p2.permission_level and P2.{SqlQuerySyntaxHelper.EscapeEntityName(databaseType, "USER_ID")} = {userId}
RIGHT JOIN BACKEND_ACTION T ON P1.BACKEND_ACTION_ID = T.ID
LEFT join PERMISSION_LEVEL L ON P1.PERMISSION_LEVEL = L.PERMISSION_LEVEL
) AP
JOIN
({entitySecQuery}) EP ON AP.ENTITY_TYPE_ID = EP.ENTITY_TYPE_ID
";
return(query);
}
internal static string Escape(DatabaseType databaseType, string entityName) => SqlQuerySyntaxHelper.EscapeEntityName(databaseType, entityName);