Example #1
        /// <summary>
        /// Resolves the query called <paramref name="name"/> on <paramref name="app"/>, checks that the
        /// current user may read it, and serializes the requested streams into dictionaries.
        /// </summary>
        /// <param name="app">App on which the query is looked up.</param>
        /// <param name="name">Query name; caller-supplied, written to the log and into the error messages as-is.</param>
        /// <param name="stream">Comma-separated stream names, or <c>AllStreams</c> to pass no stream filter.</param>
        /// <param name="includeGuid">Copied to <c>DataToDictionary.WithGuid</c>.</param>
        /// <param name="context">Supplies the service provider, the user and (if it is a block context) the module id for logging.</param>
        /// <param name="userMayEdit">Handed to the <c>DataToDictionary</c> constructor; it is NOT used for the read-permission decision.</param>
        /// <param name="more">Optional extra parameters; only <c>Guids</c> is read here.</param>
        /// <returns>The result of <c>DataToDictionary.Convert</c> for the query.</returns>
        /// <exception cref="HttpExceptionAbstraction">
        /// NotFound when the query does not exist; Unauthorized when the user has neither
        /// <c>GrantSets.ReadSomething</c> on the query entity nor admin rights.
        /// </exception>
        private Dictionary <string, IEnumerable <Dictionary <string, object> > > BuildQueryAndRun(
            IApp app,
            string name,
            string stream,
            bool includeGuid,
            IContextOfSite context,
            bool userMayEdit,
            AppQueryParameters more)
        {
            // NOTE(review): name and stream come from the request and are logged unmodified -
            // presumably the log sink neutralizes line breaks / markup; verify.
            var logDone = Log.Call($"name:{name}, stream:{stream}, withModule:{(context as IContextOfBlock)?.Module.Id}");

            // NOTE(review): existence is checked before authorization, so the NotFound vs. Unauthorized
            // difference tells a caller without read rights whether a query name exists. The permission
            // check needs the query's entity, so reordering is not trivial; returning one uniform status
            // for both cases would close the oracle - confirm whether that matters for this API.
            var found = app.GetQuery(name);
            if (found == null)
            {
                var notFound = $"query '{name}' not found";
                logDone(notFound);
                throw new HttpExceptionAbstraction(HttpStatusCode.NotFound, notFound, "query not found");
            }

            // Authorization: an explicit read grant on the query's definition entity, or admin status.
            // Both values are collected before the decision, in the same order as before.
            var mayRead = context.ServiceProvider.Build<AppPermissionCheck>()
                .ForItem(context, app, found.Definition.Entity, Log)
                .UserMay(GrantSets.ReadSomething);
            var admin = context.User.IsAdmin;

            if (!mayRead && !admin)
            {
                // NOTE(review): Unauthorized (401) is used even when the user is known but lacks the grant;
                // 403 is the conventional status for that case - check client expectations before changing.
                var denied = $"Request not allowed. User does not have read permissions for query '{name}'";
                logDone(denied);
                throw new HttpExceptionAbstraction(HttpStatusCode.Unauthorized, denied, "Request not allowed");
            }

            var converter = new DataToDictionary(userMayEdit) { WithGuid = includeGuid };

            // AllStreams means "no filter": the converter then receives null instead of a name list.
            var streamNames = stream == AllStreams ? null : stream?.Split(',');
            var data = converter.Convert(found, streamNames, more?.Guids);

            logDone(null);
            return data;
        }
Example #2
        /// <summary>
        /// Runs a named query for the app identified by <paramref name="appPath"/> and returns the
        /// serialized streams. GUIDs are never included on this entry point.
        /// </summary>
        /// <param name="appPath">Caller-supplied path used to resolve the app context.</param>
        /// <param name="name">Query name; must not be null or empty.</param>
        /// <param name="stream">Stream selection, forwarded unchanged to <c>BuildQueryAndRun</c>.</param>
        /// <param name="more">Optional extra parameters, forwarded unchanged.</param>
        /// <returns>Whatever <c>BuildQueryAndRun</c> returns for the query.</returns>
        public Dictionary <string, IEnumerable <Dictionary <string, object> > > PublicQuery(string appPath, string name, string stream, AppQueryParameters more)
        {
            // NOTE(review): all three values are request input and go into the log as-is -
            // presumably the log sink encodes them; verify.
            var logDone = Log.Call($"path:{appPath}, name:{name}, stream: {stream}");

            // Reject a missing name up front; the log wrapper is intentionally left open on this path,
            // exactly as in the original.
            if (string.IsNullOrEmpty(name))
            {
                throw HttpException.MissingParam(nameof(name));
            }

            var ctx = _ctxResolver.AppOrBlock(appPath);

            // The app is initialised from the resolved context; the context's edit flag drives the
            // app configuration here and is passed on again as the userMayEdit argument below.
            var emptyApp  = ServiceProvider.Build<Apps.App>();
            var state     = ctx.AppState;
            var configure = ServiceProvider.Build<AppConfigDelegate>().Init(Log).Build(ctx.UserMayEdit);
            var queryApp  = emptyApp.Init(state, configure, Log);

            // Lookup, read-permission check and serialization all happen inside BuildQueryAndRun;
            // includeGuid is fixed to false for this public route.
            var data = BuildQueryAndRun(queryApp, name, stream, false, ctx, ctx.UserMayEdit, more);

            logDone(null);
            return data;
        }
Example #3
        /// <summary>
        /// Runs a named query in the current block's app, or in the app given by
        /// <paramref name="appId"/> when one is supplied, and returns the serialized streams.
        /// </summary>
        /// <param name="appId">Optional, caller-supplied app id; when null a block context is required.</param>
        /// <param name="name">Query name, forwarded to <c>BuildQueryAndRun</c>.</param>
        /// <param name="includeGuid">Whether the serializer should include GUIDs.</param>
        /// <param name="stream">Stream selection, forwarded unchanged.</param>
        /// <param name="more">Optional extra parameters, forwarded unchanged.</param>
        /// <returns>Whatever <c>BuildQueryAndRun</c> returns for the query.</returns>
        public Dictionary <string, IEnumerable <Dictionary <string, object> > > Query(int?appId, string name, bool includeGuid, string stream, AppQueryParameters more)
        {
            // NOTE(review): unlike PublicQuery, name is not checked for null/empty before use.
            var logDone = Log.Call($"'{name}', inclGuid: {includeGuid}, stream: {stream}");

            // An explicit app id (e.g. from the url) takes precedence; otherwise the block context must exist.
            // NOTE(review): the original author states the id may only refer to an app of the current
            // portal and that security checks run internally. Neither restriction is visible in this
            // method - presumably BlockOrApp enforces the portal boundary; verify, since appId is
            // request input and the only per-query check visible here is the read check in BuildQueryAndRun.
            var ctx = appId.HasValue
                ? _ctxResolver.BlockOrApp(appId.Value)
                : _ctxResolver.BlockRequired();

            var unboundApp = ServiceProvider.Build<Apps.App>();
            var app = unboundApp.Init(ServiceProvider, ctx.AppState.AppId, Log, ctx.UserMayEdit);

            // Lookup, read-permission check and serialization happen inside BuildQueryAndRun.
            var data = BuildQueryAndRun(app, name, stream, includeGuid, ctx, ctx.UserMayEdit, more);

            logDone(null);
            return data;
        }