public bool CanUserAccess(ClaimsPrincipal principal)
{
return(HalcyonExtUtils.CanUserAccess(principal, halRefInfo.ActionMethodInfo, halRefInfo.ControllerType.GetTypeInfo()));
}
public async Task <EndpointDoc> GetDoc(string groupName, string method, string relativePath, EndpointDocBuilderOptions options)
{
if (relativePath == null)
{
relativePath = "";
}
else if (relativePath.EndsWith("/") || relativePath.EndsWith("\\"))
{
relativePath = relativePath.Substring(0, relativePath.Length - 1);
}
var group = descriptionProvider.ApiDescriptionGroups.Items.FirstOrDefault(i => i.GroupName == groupName);
if (group == null)
{
throw new InvalidOperationException($"Cannot find an api group for {groupName}. Did you declare a route to that group?");
}
var action = group.Items.FirstOrDefault(i => i.HttpMethod == method && i.RelativePath == relativePath);
if (action == null)
{
throw new InvalidOperationException($"Cannot find an api action for {relativePath} and method {method} in api group {groupName}.");
}
var description = new EndpointDoc();
bool handleFormData = true;
if (options.IncludeResponse)
{
var controllerActionDesc = action.ActionDescriptor as ControllerActionDescriptor;
if (controllerActionDesc != null)
{
var methodInfo = controllerActionDesc.MethodInfo;
//Check to see if the user can actually access the endpoint we requested
if (options.User != null && !HalcyonExtUtils.CanUserAccess(options.User, methodInfo, controllerActionDesc.ControllerTypeInfo))
{
throw new UnauthorizedAccessException("User cannot access requested endpoint");
}
var returnType = methodInfo.ReturnType;
if (returnType != typeof(void))
{
description.SetResponseSchema(await endpointDocCache.GetCachedResponse(groupName, method, relativePath, returnType, schemaBuilder.GetSchema));
}
}
}
if (options.IncludeRequest)
{
foreach (var param in action.ParameterDescriptions)
{
if (param.Source.IsFromRequest)
{
if (param.Source.CanAcceptDataFrom(BindingSource.Body))
{
description.SetRequestSchema(await endpointDocCache.GetCachedRequest(groupName, method, relativePath, param.Type, schemaBuilder.GetSchema));
}
else if (param.Source.CanAcceptDataFrom(BindingSource.Query))
{
description.SetRequestSchema(await endpointDocCache.GetCachedRequest(groupName, method, relativePath, param.ModelMetadata.ContainerType, schemaBuilder.GetSchema));
}
else if (handleFormData && param.Source.CanAcceptDataFrom(BindingSource.Form))
{
handleFormData = false; //This prevents this from running for everything that responsds to form, there should only be 1 per controller method.
//Discover the type from the action method, there is no way to get the real object type from the description when dealing with form input
Type type = null;
var controllerActionDescriptor = action.ActionDescriptor as ControllerActionDescriptor;
if (controllerActionDescriptor != null)
{
foreach (var arg in controllerActionDescriptor.MethodInfo.GetParameters())
{
if (arg.CustomAttributes.Any(i => i.AttributeType == typeof(FromFormAttribute)))
{
type = arg.ParameterType;
break;
}
}
}
if (type != null && validSchemaManager.IsValid(type))
{
description.SetRequestSchema(await endpointDocCache.GetCachedRequest(groupName, method, relativePath, type, async t =>
{
var schema = await schemaBuilder.GetSchema(t);
schema.SetDataIsForm(true);
return(schema);
}));
}
}
}
}
}
return(description);
}