public virtual async Task <IActionResult> OnUpdateAsync(SecurityFilterContext <T> context)
{
if (!await CanUpdateAsync(context))
{
return(Unauthorized(context));
}
return(null);
}
public virtual async Task <IActionResult> OnReadAsync(SecurityFilterContext <T> context)
{
if (!await CanReadAsync(context))
{
return(NotFound(context));
}
return(null);
}
protected async Task <IActionResult> ApplySecurityFiltersAsync <T>(
ActionExecutingContext context,
T patchEntity)
where T : class
{
if (context.HttpContext.Items.ContainsKey(HttpKey))
{
return(null);
}
context.HttpContext.Items.Add(HttpKey, true);
var controller = context.Controller as IODataCrudController <T>;
if (controller == null)
{
throw DoesNotImplementException(context.Controller, typeof(IODataCrudController <T>));
}
IActionResult result = null;
SecurityFilters = SecurityFilterTypes?
.Select(sft => ActivatorUtilities.CreateInstance(context.HttpContext.RequestServices, sft))
.Cast <ISecurityFilter>()
.ToArray();
var localSecurityFilters = await ResolveSecurityFiltersForRequestAsync(context, patchEntity)
?? new ISecurityFilter[]
{
};
var localSecurityFilters2 = await ResolveLocalSecurityFiltersAsync()
?? new ISecurityFilter[]
{
};
var securityFilters = localSecurityFilters.Concat(localSecurityFilters2).ToArray();
if (securityFilters.Any())
{
foreach (var securityFilter in securityFilters)
{
var entityById = default(T);
var hasId = false;
if (CheckId && securityFilter.CheckId)
{
entityById = (T)controller.TryGetModelFromId(context, out hasId);
}
var securityFilterContext = new SecurityFilterContext <T>(entityById ?? patchEntity, context, context.HttpContext, context.Controller as Controller, hasId);
if (!await securityFilter.CanUseAsync(securityFilterContext))
{
continue;
}
if (CheckId && hasId && entityById == null)
{
result = await securityFilter.OnNotFoundAsync(securityFilterContext);
}
else
{
switch (context.HttpContext.Request.Method)
{
case "GET":
result = await securityFilter.OnReadAsync(securityFilterContext);
break;
case "POST":
result = await securityFilter.OnCreateAsync(securityFilterContext);
break;
case "PATCH":
case "PUT":
result = await securityFilter.OnUpdateAsync(securityFilterContext);
break;
case "DELETE":
result = await securityFilter.OnDeleteAsync(securityFilterContext);
break;
}
}
}
}
return(result);
}
protected override Task <bool> CanEditAsync(SecurityFilterContext <T> context)
{
return(Task.FromResult(true));
}
public override Task <bool> CanReadAsync(SecurityFilterContext <T> context)
{
return(Task.FromResult(false));
}
Task <bool> ISecurityFilter.CanDeleteAsync(SecurityFilterContext context)
{
return(CanCreateAsync((SecurityFilterContext <T>)context));
}
Task <bool> ISecurityFilter.CanReadAsync(SecurityFilterContext context)
{
return(CanReadAsync((SecurityFilterContext <T>)context));
}
protected virtual StatusCodeResult NotFound(SecurityFilterContext <T> context)
{
return(context.Controller.NotFound());
}
protected virtual StatusCodeResult Unauthorized(SecurityFilterContext <T> context)
{
return(context.Controller.Unauthorized());
}
public Task <IActionResult> OnNotFoundAsync(SecurityFilterContext <T> context)
{
return(Task.FromResult <IActionResult>(context.Controller.NotFound()));
}
public virtual Task <bool> CanUpdateAsync(SecurityFilterContext <T> context)
{
return(CanEditAsync(context));
}
public virtual Task <bool> CanReadAsync(SecurityFilterContext <T> context)
{
return(Task.FromResult(true));
}
protected abstract Task <bool> CanEditAsync(SecurityFilterContext <T> context);
Task <IActionResult> ISecurityFilter.OnNotFoundAsync(SecurityFilterContext context)
{
return(OnNotFoundAsync((SecurityFilterContext <T>)context));
}
