public async Task ExecuteAsync(QueryContext context)
{
_repo.Apply(context.Descriptor, context.Params);
if (!string.IsNullOrEmpty(context.Params.Id))
{
object[] id;
try
{
id = _repo.ParseId(context.Params.Id);
}
catch (Exception ex)
{
throw new QueryException("id format incorrect", QueryErrorCode.BadRequest, ex);
}
var found = await _repo.FindAsync(id, context.CancellationToken);
if (found == null)
{
context.Succeed(new T[0]);
return;
}
if (context.Descriptor.OnlyOwnerCanRead)
{
var authContext = new AuthorizationContext <T>(context);
var authorized = await authContext.AuthorizeAsync(found, context.Descriptor.DeletePolicy);
if (authorized)
{
context.Succeed(new [] { found });
}
else
{
context.Fail(null, QueryErrorCode.Unauthorized, "unauthorized");
}
}
else
{
context.Succeed(new[] { found });
}
}
else
{
if (context.Params.Page.HasValue || context.Params.Offset.HasValue)
{
var pagination = new Pagination();
if (context.Params.Page.HasValue)
{
pagination.Page = context.Params.Page.Value;
}
if (context.Params.Offset.HasValue)
{
pagination.Offset = context.Params.Offset.Value;
}
if (context.Params.PageSize.HasValue)
{
pagination.PageSize = context.Params.PageSize.Value;
}
if (context.Params.Limit.HasValue)
{
pagination.Limit = context.Params.Limit.Value;
}
Utils.Map(context.Descriptor, context.Params, pagination);
var paged = await _repo.GetPagedAsync(pagination, context.CancellationToken);
if (context.Descriptor.OnlyOwnerCanRead)
{
var authContext = new AuthorizationContext <T>(context);
foreach (var record in paged.Records)
{
var authorized = await authContext.AuthorizeAsync(record, context.Descriptor.DeletePolicy);
if (authorized)
{
continue;
}
context.Fail(null, QueryErrorCode.Unauthorized, "unauthorized");
return;
}
}
else
{
context.Succeed(paged);
}
}
else
{
var condition = new Condition();
Utils.Map(context.Descriptor, context.Params, condition);
var collection = await _repo.ListAsync(condition, context.CancellationToken);
if (context.Descriptor.OnlyOwnerCanRead)
{
var authContext = new AuthorizationContext <T>(context);
foreach (var record in collection)
{
var authorized = await authContext.AuthorizeAsync(record, context.Descriptor.DeletePolicy);
if (authorized)
{
continue;
}
context.Fail(null, QueryErrorCode.Unauthorized, "unauthorized");
return;
}
}
else
{
context.Succeed(collection);
}
}
}
}