Example #1
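        /// <summary>
        /// Looks up the view named by <paramref name="viewId"/>, substitutes request query-string
        /// values into its stored query, authorizes the caller for the collection that query
        /// addresses, and returns the search result.
        /// </summary>
        /// <param name="viewId">Identifier of the view to execute; must be non-empty.</param>
        /// <param name="resultFormat">
        /// Optional name of a <c>ResultFormat</c> member; <c>ResultFormat.Json</c> is used when it is null.
        /// </param>
        /// <returns>
        /// 400 when the view ID is missing, the format is not a defined <c>ResultFormat</c> member or
        /// parameter insertion throws <see cref="FormatException"/>; 404 when the view does not exist;
        /// a plain-text 401 when authorization is denied; otherwise the result of
        /// <c>SearchExecutor.PerformSearch</c>.
        /// </returns>
        public async Task<IActionResult> Get([FromQuery] string viewId, [FromQuery] string resultFormat)
        {
            // Validate
            if (string.IsNullOrEmpty(viewId))
            {
                return BadRequest("View-ID not specified");
            }

            var resultFormatEnum = ResultFormat.Json;

            // Enum.TryParse also succeeds for numeric strings that name no member (e.g. "999"),
            // which would hand an undefined format to the search executor. Enum.IsDefined closes that gap.
            if (resultFormat != null
                && (!Enum.TryParse(resultFormat, out resultFormatEnum)
                    || !Enum.IsDefined(typeof(ResultFormat), resultFormatEnum)))
            {
                var validResultFormats = string.Join(", ", Enum.GetNames(typeof(ResultFormat)));
                return BadRequest($"Invalid output format '{resultFormat}'. Allowed values: {validResultFormats}");
            }

            var view = await viewManager.GetView(viewId);

            if (view == null)
            {
                return NotFound();
            }

            string parameterInsertedQuery;

            try
            {
                // The values substituted here come from the request's query string, i.e. they are
                // caller-controlled text that becomes part of the executed query.
                // NOTE(review): confirm that InsertParameters validates or escapes values for the
                // query language, or move to bound parameters if the backend supports them.
                parameterInsertedQuery = QueryParameterInserter.InsertParameters(view.Query, QueryCollectionToDictionary(Request.Query));
            }
            catch (FormatException formatException)
            {
                // NOTE(review): the exception text is returned to the caller as-is; confirm it
                // cannot echo parts of the stored query.
                return BadRequest(formatException.Message);
            }

            // Authorize
            // The check runs on the query AFTER substitution, so the collection being authorized is
            // derived from the text that will actually be executed. Keep this ordering.
            // NOTE(review): this relies on DetermineViewCollection reading the query the same way the
            // executor does; verify against both implementations.
            // NOTE(review): Identity.Name may be null for an unauthenticated request; confirm that
            // this action requires authentication or that Normalize handles null.
            var loggedInUsername    = UsernameNormalizer.Normalize(HttpContext.User.Identity.Name);
            var dataType            = DetermineViewCollection(parameterInsertedQuery);
            var resourceDescription = new GetViewResourceDescription(dataType);
            var authorizationResult = await authorizationModule.AuthorizeAsync(resourceDescription, loggedInUsername);

            if (!authorizationResult.IsAuthorized)
            {
                // NOTE(review): 403 Forbidden is the conventional status for an identified caller
                // without permission; 401 is kept because existing clients may depend on it.
                return new ContentResult
                {
                    Content = "Not authorized",
                    ContentType = "text/plain",
                    StatusCode = (int)HttpStatusCode.Unauthorized
                };
            }

            return await SearchExecutor.PerformSearch(dataRouter, parameterInsertedQuery, resultFormatEnum);
        }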
        /// <summary>
        /// Values containing '{' or '}' must make <c>InsertParameters</c> throw instead of being
        /// substituted, since they could otherwise be read as further placeholders.
        /// </summary>
        public void ThrowsIfAnyParameterContainsCurlyBrackets()
        {
            var template = "SELECT {par1} FROM {par2} WHERE id = '{Par_3}'";
            var values   = new Dictionary<string, List<string>>
            {
                ["par1"]  = new List<string> { "abc}" },
                ["par2"]  = new List<string> { "{edf" },
                ["Par_3"] = new List<string> { "0" },
            };

            // NOTE(review): Throws.Exception is satisfied by any exception type; pin the specific
            // type once the inserter's contract is confirmed.
            Assert.That(() => QueryParameterInserter.InsertParameters(template, values), Throws.Exception);
        }
        /// <summary>
        /// A placeholder supplied with more than one value (here <c>par2</c>) must make
        /// <c>InsertParameters</c> throw rather than pick one of them.
        /// </summary>
        public void ThrowsIfAnyParameterHasMultipleValues()
        {
            var template = "SELECT {par1} FROM {par2} WHERE id = '{Par_3}'";
            var values   = new Dictionary<string, List<string>>
            {
                ["par1"]  = new List<string> { "abc" },
                ["par2"]  = new List<string> { "edf", "ghi" },
                ["Par_3"] = new List<string> { "0" },
            };

            // NOTE(review): Throws.Exception is satisfied by any exception type; pin the specific
            // type once the inserter's contract is confirmed.
            Assert.That(() => QueryParameterInserter.InsertParameters(template, values), Throws.Exception);
        }
        /// <summary>
        /// A null query must be rejected with <see cref="System.ArgumentNullException"/>, even when a
        /// populated parameter dictionary is supplied.
        /// </summary>
        public void ThrowsArgumentNullIfQueryNull()
        {
            string missingQuery = null;
            var    values       = new Dictionary<string, List<string>>
            {
                ["par1"]    = new List<string> { "abc" },
                ["par2"]    = new List<string> { "edf" },
                ["notused"] = new List<string> { "0" },
            };

            Assert.That(() => QueryParameterInserter.InsertParameters(missingQuery, values), Throws.ArgumentNullException);
        }
        /// <summary>
        /// Happy path: each placeholder is replaced by its single value and the resulting query
        /// text matches exactly.
        /// </summary>
        public void ParametersAreInsertedInQuery()
        {
            var template = "SELECT {par1} FROM {par2} WHERE id = '{Par_3}'";
            var values   = new Dictionary<string, List<string>>
            {
                ["par1"]  = new List<string> { "abc" },
                ["par2"]  = new List<string> { "edf" },
                ["Par_3"] = new List<string> { "0" },
            };

            string rendered = null;

            // The expected text shows values landing verbatim in the query, including inside the
            // quoted literal around {Par_3}.
            // NOTE(review): no value here contains a quote character; add a case that pins how the
            // inserter treats one.
            Assert.That(() => rendered = QueryParameterInserter.InsertParameters(template, values), Throws.Nothing);
            Assert.That(rendered, Is.EqualTo("SELECT abc FROM edf WHERE id = '0'"));
        }
        /// <summary>
        /// A null parameter dictionary must be rejected with <see cref="System.ArgumentNullException"/>
        /// rather than being treated as "no parameters".
        /// </summary>
        public void ThrowsArgumentNullIfParameterDictionaryNull()
        {
            var template = "SELECT {par1} FROM {par2} WHERE id = '{Par_3}'";

            Assert.That(
                () => QueryParameterInserter.InsertParameters(template, null),
                Throws.ArgumentNullException);
        }