Example #1
        /// <summary>
        /// Saves the records described by a <c>SaveEntityCommandInfo</c> and enforces the
        /// row-permissions write filter twice: on the existing rows before the save, and on
        /// the written rows after it.
        /// </summary>
        /// <param name="commandInfo">
        /// The command description. It is cast directly to <c>SaveEntityCommandInfo</c>, so an
        /// argument of any other type fails with an <see cref="InvalidCastException"/>.
        /// </param>
        /// <returns>A <c>CommandResult</c> with <c>Success = true</c> and the message "Command executed".</returns>
        /// <exception cref="ClientException">
        /// The entity name is not set, or a record to delete or update is reported missing
        /// while the pre-save permission check is failing.
        /// </exception>
        /// <exception cref="UserException">
        /// The existing rows (pre-save) or the written rows (post-save) are not all within the
        /// row-permissions write filter.
        /// </exception>
        public CommandResult Execute(ICommandInfo commandInfo)
        {
            var info = (SaveEntityCommandInfo)commandInfo;

            if (info.Entity == null)
            {
                throw new ClientException("Invalid SaveEntityCommand argument: Entity is not set.");
            }

            var repository = _genericRepositories.GetGenericRepository(info.Entity);

            // Pre-save authorization: rows that will be deleted or updated must pass the write
            // filter in their current state, before the save changes or removes them.
            var existingItems = ConcatenateNullable(info.DataToDelete, info.DataToUpdate);
            bool existingItemsRejected = existingItems != null
                && !_serverCommandsUtility.CheckAllItemsWithinFilter(existingItems, RowPermissionsWriteInfo.FilterName, repository);

            if (existingItemsRejected)
            {
                // Presumably marks the transaction for rollback before the exception propagates;
                // the implementation is not visible here. TODO confirm.
                _persistenceTransaction.DiscardChanges();

                // A failed filter check can also mean that an ID does not exist at all, so the
                // missing-record cases are reported first, with a more specific message.
                // NOTE(review): the distinct messages let a caller tell a nonexistent ID apart
                // from an existing record outside its write filter. Confirm that revealing
                // record existence is acceptable for the entities exposed through this command.
                Guid? absentId;

                if (_serverCommandsUtility.MissingItemId(info.DataToDelete, repository, out absentId))
                {
                    throw new ClientException($"Deleting a record that does not exist in database. DataStructure={info.Entity}, ID={absentId}");
                }

                if (_serverCommandsUtility.MissingItemId(info.DataToUpdate, repository, out absentId))
                {
                    throw new ClientException($"Updating a record that does not exist in database. DataStructure={info.Entity}, ID={absentId}");
                }

                throw new UserException("You are not authorized to write some or all of the provided data. Insufficient permissions to modify the existing data.", "DataStructure:" + info.Entity + ".");
            }

            // NOTE(review): the meaning of the final 'true' argument is not visible in this block.
            repository.Save(info.DataToInsert, info.DataToUpdate, info.DataToDelete, true);

            // Post-save authorization: inserted and updated rows must pass the write filter in
            // their new state too. This call is relied upon to use only the IDs of the items,
            // because the other data on these instances might be dirty after the save.
            var writtenItems = ConcatenateNullable(info.DataToInsert, info.DataToUpdate);
            bool writtenItemsRejected = writtenItems != null
                && !_serverCommandsUtility.CheckAllItemsWithinFilter(writtenItems, RowPermissionsWriteInfo.FilterName, repository);

            if (writtenItemsRejected)
            {
                // The save has already been issued at this point, so undoing an unauthorized
                // write depends on this call (presumably a rollback; confirm).
                _persistenceTransaction.DiscardChanges();
                throw new UserException("You are not authorized to write some or all of the provided data. Insufficient permissions to apply the new data.", "DataStructure:" + info.Entity + ".");
            }

            return new CommandResult
            {
                Message = "Command executed",
                Success = true
            };
        }
Example #2
        /// <summary>
        /// Executes a read command against the requested data source and rejects the whole
        /// result when any returned record is outside the row-permissions read filter.
        /// </summary>
        /// <param name="commandInfo">The command description; expected to be a <c>ReadCommandInfo</c>.</param>
        /// <returns>
        /// A failed <c>CommandResult</c> when <paramref name="commandInfo"/> is not a
        /// <c>ReadCommandInfo</c>; otherwise a successful result carrying the read data and a
        /// "N row(s) found" message.
        /// </returns>
        /// <exception cref="ClientException">The data source name is not set.</exception>
        /// <exception cref="UserException">
        /// Some of the returned records are not within the row-permissions read filter.
        /// </exception>
        public CommandResult Execute(ICommandInfo commandInfo)
        {
            var request = commandInfo as ReadCommandInfo;

            if (request == null)
            {
                return CommandResult.Fail("CommandInfo does not implement ReadCommandInfo");
            }

            if (request.DataSource == null)
            {
                throw new ClientException("Invalid ReadCommand argument: Data source is not set.");
            }

            var repository = _repositories.GetGenericRepository(request.DataSource);
            ReadCommandResult readResult = _serverCommandsUtility.ExecuteReadCommand(request, repository);

            // Authorization happens after the data is loaded: the records are verified against
            // the read filter and the request fails as a whole instead of being silently trimmed.
            // The check is skipped when the request is reported as already filtered by row
            // permissions; the correctness of that shortcut depends on
            // AlreadyFilteredByRowPermissions, which is not visible in this block.
            // NOTE(review): when Records is null no row-permissions check runs here, yet
            // TotalCount is still returned in the message. Confirm that the count is restricted
            // elsewhere if row counts are considered sensitive.
            bool recordsRejected = readResult.Records != null
                && !AlreadyFilteredByRowPermissions(request)
                && !_serverCommandsUtility.CheckAllItemsWithinFilter(readResult.Records, RowPermissionsReadInfo.FilterName, repository);

            if (recordsRejected)
            {
                throw new UserException("You are not authorized to access some or all of the data requested.", "DataStructure:" + request.DataSource + ".");
            }

            // Build the payload first and the row count second, in the same order as the
            // property initializers they feed.
            var payload = _dataTypeProvider.CreateBasicData(readResult);

            string rowCount;
            if (readResult.Records != null)
            {
                rowCount = readResult.Records.Length.ToString();
            }
            else
            {
                rowCount = readResult.TotalCount.ToString();
            }

            return new CommandResult
            {
                Data = payload,
                Message = rowCount + " row(s) found",
                Success = true
            };
        }