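/// <summary>
/// Executes the stored view identified by <paramref name="viewId"/>, with the request's
/// query-string values inserted into the view's query as parameters, and returns the search
/// result in the requested format.
/// </summary>
/// <param name="viewId">Identifier of the stored view to execute. Required.</param>
/// <param name="resultFormat">
/// Name of a <see cref="ResultFormat"/> member; <see cref="ResultFormat.Json"/> is used when omitted.
/// </param>
/// <returns>
/// 400 when the view id is missing, the format is not a defined <see cref="ResultFormat"/> member, or a
/// parameter cannot be inserted; 404 when no view has that id; 401 when the authorization module denies
/// the caller; otherwise the result of the search.
/// </returns>
public async Task<IActionResult> Get([FromQuery] string viewId, [FromQuery] string resultFormat)
{
    // Validate
    if (string.IsNullOrEmpty(viewId))
    {
        return BadRequest("View-ID not specified");
    }

    var resultFormatEnum = ResultFormat.Json;
    // Enum.TryParse also accepts numeric strings such as "42" that name no member of the enum,
    // so a successful parse is additionally checked against the defined values.
    if (resultFormat != null
        && (!Enum.TryParse(resultFormat, out resultFormatEnum)
            || !Enum.IsDefined(typeof(ResultFormat), resultFormatEnum)))
    {
        var validResultFormats = string.Join(", ", Enum.GetNames(typeof(ResultFormat)));
        return BadRequest($"Invalid output format '{resultFormat}'. Allowed values: {validResultFormats}");
    }

    var view = await viewManager.GetView(viewId);
    if (view == null)
    {
        return NotFound();
    }

    // Caller-supplied query-string values (presumably every one, viewId and resultFormat included —
    // depends on QueryCollectionToDictionary) are spliced into the query text. The inserter is the
    // only barrier between that text and the executed query, so the backend must not be injectable
    // through values the inserter accepts — TODO confirm against the inserter's rules.
    string parameterInsertedQuery;
    try
    {
        parameterInsertedQuery = QueryParameterInserter.InsertParameters(view.Query, QueryCollectionToDictionary(Request.Query));
    }
    catch (FormatException formatException)
    {
        return BadRequest(formatException.Message);
    }

    // Authorize. The check is keyed on the collection the final query targets, which is why it
    // has to follow parameter insertion; as a consequence the 404 above and the inserter's 400
    // message are returned before the caller's permissions have been checked.
    var loggedInUsername = UsernameNormalizer.Normalize(HttpContext.User.Identity.Name);
    var dataType = DetermineViewCollection(parameterInsertedQuery);
    var resourceDescription = new GetViewResourceDescription(dataType);
    var authorizationResult = await authorizationModule.AuthorizeAsync(resourceDescription, loggedInUsername);
    if (!authorizationResult.IsAuthorized)
    {
        // 401 is kept for compatibility with existing clients; a denial for a caller whose
        // identity is already known is what 403 Forbidden conventionally describes.
        return new ContentResult
        {
            Content = "Not authorized",
            ContentType = "text/plain",
            StatusCode = (int)HttpStatusCode.Unauthorized
        };
    }

    return await SearchExecutor.PerformSearch(dataRouter, parameterInsertedQuery, resultFormatEnum);
}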
/// <summary>
/// A parameter value containing a stray '}' or '{' must be rejected rather than spliced into the query.
/// </summary>
public void ThrowsIfAnyParameterContainsCurlyBrackets()
{
    const string queryTemplate = "SELECT {par1} FROM {par2} WHERE id = '{Par_3}'";
    var values = new Dictionary<string, List<string>>
    {
        ["par1"] = new List<string> { "abc}" },
        ["par2"] = new List<string> { "{edf" },
        ["Par_3"] = new List<string> { "0" }
    };

    Assert.That(() => QueryParameterInserter.InsertParameters(queryTemplate, values), Throws.Exception);
}
/// <summary>
/// A parameter supplied more than once must be rejected instead of being silently collapsed to one value.
/// </summary>
public void ThrowsIfAnyParameterHasMultipleValues()
{
    const string queryTemplate = "SELECT {par1} FROM {par2} WHERE id = '{Par_3}'";
    var values = new Dictionary<string, List<string>>
    {
        ["par1"] = new List<string> { "abc" },
        ["par2"] = new List<string> { "edf", "ghi" },
        ["Par_3"] = new List<string> { "0" }
    };

    Assert.That(() => QueryParameterInserter.InsertParameters(queryTemplate, values), Throws.Exception);
}
/// <summary>
/// A null query template is an argument error, regardless of the parameters supplied.
/// </summary>
public void ThrowsArgumentNullIfQueryNull()
{
    string missingQuery = null;
    var values = new Dictionary<string, List<string>>
    {
        ["par1"] = new List<string> { "abc" },
        ["par2"] = new List<string> { "edf" },
        ["notused"] = new List<string> { "0" }
    };

    Assert.That(() => QueryParameterInserter.InsertParameters(missingQuery, values), Throws.ArgumentNullException);
}
/// <summary>
/// Each single-valued parameter replaces its {name} placeholder in the query template.
/// </summary>
public void ParametersAreInsertedInQuery()
{
    const string queryTemplate = "SELECT {par1} FROM {par2} WHERE id = '{Par_3}'";
    var values = new Dictionary<string, List<string>>
    {
        ["par1"] = new List<string> { "abc" },
        ["par2"] = new List<string> { "edf" },
        ["Par_3"] = new List<string> { "0" }
    };

    string inserted = null;
    Assert.That(() => inserted = QueryParameterInserter.InsertParameters(queryTemplate, values), Throws.Nothing);
    Assert.That(inserted, Is.EqualTo("SELECT abc FROM edf WHERE id = '0'"));
}
/// <summary>
/// A null parameter dictionary is an argument error even when the template itself is valid.
/// </summary>
public void ThrowsArgumentNullIfParameterDictionaryNull()
{
    const string queryTemplate = "SELECT {par1} FROM {par2} WHERE id = '{Par_3}'";

    Assert.That(() => QueryParameterInserter.InsertParameters(queryTemplate, null), Throws.ArgumentNullException);
}