protected override bool IsAuthorized(HttpActionContext actionContext)
{
var roleManagerBso = new RoleManagerBso();
MvcAction action = new MvcAction
{
ActionName = actionContext.ActionDescriptor.ActionName,
ControllerName = actionContext.ControllerContext.Controller.ToString(),
ParameterTypes = actionContext.ActionDescriptor.GetParameters().Select(p => p.ParameterType.ToString()),
ReturnType = actionContext.ActionDescriptor.ReturnType.ToString()
};
//Get id of roles that are assigned to this action
var dbRoles = roleManagerBso.GetRolesByAction(action)?.Select(r => r.Name);
//if no role assigned to this action, it means all roles can have access to this action
if (dbRoles == null)
{
return(true);
}
var identity = (actionContext.RequestContext.Principal.Identity as ClaimsIdentity);
//Get the role claims that are attached to current identity
var claimRoles = identity.Claims.Where(c => c.Type == identity.RoleClaimType).Select(r => r.Value);
//Check if two sets of roles have something in common.
return(dbRoles.Intersect <string>(claimRoles).Count() > 0);
}
public IEnumerable <IScriptExtension> CreateForActionFunctionBody(MvcAction action)
{
List <IScriptExtension> exts = new List <IScriptExtension>();
bool hasQueryParam = HasAnyQueryParmeter(action);
if (hasQueryParam)
{
exts.Add(new InitUrlParamsScriptExtensions());
foreach (var queryP in GetSimpleQueryParams(action))
{
exts.Add(new AddSimpleParameterToQueryStringScriptExtension(queryP.Name));
}
foreach (string key in _constantQueryParams.Keys)
{
foreach (var val in _constantQueryParams.GetValues(key))
{
exts.Add(new AddKeyValueToQueryStringScriptExtension(key, val));
}
}
foreach (var queryP in GetComplexQueryParams(action))
{
exts.Add(new AddComplexParameterToQueryStringScriptExtension(queryP.Name));
}
}
return(exts);
}
public MvcActionTextTemplate(MvcAction action, ScriptExtensionsFactory extensionsFactory, FetchFunctionDescriptor fetchFunc, TypeFormatter formatter)
{
_action = action;
_formatter = formatter;
_fetchFunc = fetchFunc;
_bodyExtensions = extensionsFactory.CreateForActionFunctionBody(action);
}
private static void AddActionImports(ImportManager imports, MvcAction action)
{
imports.TryAddToImports(action.ReturnType);
foreach (var param in action.ActionParameters)
{
foreach (var type in param.Types)
{
imports.TryAddToImports(type);
}
}
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
action = new MvcAction
{
ActionName = filterContext.ActionDescriptor.ActionName,
ControllerName = filterContext.Controller.ToString(),
ParameterTypes = filterContext.ActionDescriptor.GetParameters().Select(p => p.ParameterType.ToString()),
ReturnType = (filterContext.ActionDescriptor as ReflectedActionDescriptor).MethodInfo.ReturnParameter.ToString().Trim()
};
base.OnAuthorization(filterContext);
}
public IHttpActionResult AddRolesToAction(MvcAction mvcAction)
{
try
{
RoleManagerBso.AddRolesToAction(mvcAction);
return(Ok());
}
catch (Exception e)
{
return(InternalServerError(e));
}
}
/// <summary>
/// Get action entity from database by MvcAction object
/// </summary>
/// <param name="mvcAction"></param>
/// <returns></returns>
private Models.Action GetAction(MvcAction mvcAction)
{
var actions = UnitOfWork.Repository <Models.Action>()
.Get(a => a.ControllerName == mvcAction.ControllerName && a.ActionName == mvcAction.ActionName).ToList();
string parameterTypes = "";
if (mvcAction.ParameterTypes != null)
{
parameterTypes = string.Join(",", mvcAction.ParameterTypes.ToArray());
}
if (actions.Count() == 0)
{
return(null);
}
return(actions.Where(a => a.ReturnType == mvcAction.ReturnType && a.ParameterTypes == parameterTypes)
.FirstOrDefault());
}
/// <summary>
/// Save roles to action
/// </summary>
/// <param name="mvcAction"></param>
public void AddRolesToAction(MvcAction mvcAction)
{
Models.Action action = this.GetAction(mvcAction);
if (action == null)
{
action = new Models.Action
{
ActionName = mvcAction.ActionName,
ControllerName = mvcAction.ControllerName,
ParameterTypes = string.Join(",", mvcAction.ParameterTypes.ToArray()),
ReturnType = mvcAction.ReturnType
};
UnitOfWork.Repository <Models.Action>().Insert(action);
}
AddRolesToAction(mvcAction.Roles, action);
UnitOfWork.Save();
}
public string ResolveParameter(MvcAction action)
{
var compiledParams = action.GetCompiledParameters();
var actionQueryParams = compiledParams.Where(p => p.BindingType == ActionParameterSourceType.Query).ToList();
string urlParamQueryPart = actionQueryParams.Count > 0 || _constantQueryParams.Count > 0
? $"${{{QueryParameterHelperFunctions.GetQueryStringFuncName}({InitUrlParamsScriptExtensions.UrlParamsVarName})}}"
: "";;
// Add the route params
string route = action.GetRouteTemplate(_baseUrl);
var routeParamNames = compiledParams.Where(p => p.BindingType == ActionParameterSourceType.Route).Select(p => p.Name);
foreach (string paramName in routeParamNames)
{
route = route.Replace($"{{{paramName}}}", $"${{{paramName}}}");
}
return($"`{route}{urlParamQueryPart}`");
}
public string ResolveParameter(MvcAction action)
{
if (!action.RequestMethod.HasBody)
{
return("null");
}
var bodyParams = action.ActionParameters.Where(p => p.BindingType == ActionParameterSourceType.Body).ToList();
if (bodyParams.Count == 0)
{
return("null");
}
else if (bodyParams.Count > 1)
{
throw new InvalidOperationException("More than one body parameter is not supported: " + string.Join(", ", bodyParams.Select(b => b.Name)));
}
else
{
// If we are only using a single parameter model binding (i.e. asp.net core), then the object itself should be the body
return(bodyParams[0].Name);
}
}
/// <summary>
/// Get associated roles by action
/// </summary>
/// <param name="mvcAction"></param>
/// <returns></returns>
public List <MvcRole> GetRolesByAction(MvcAction mvcAction)
{
//Only ControllerName and ActionName have indexes.
//Most of cases, controller and action name should be able to identify the right record.
var action = this.GetAction(mvcAction);
var actionRoles = action?.Roles;
if (actionRoles == null)
{
return(null);
}
List <MvcRole> selectedRoles = new List <MvcRole>();
foreach (var role in actionRoles)
{
selectedRoles.Add(new MvcRole {
Id = role.Id, Name = role.Name
});
}
return(selectedRoles);
}
public abstract string TryResolve(string currentRoute, MvcController controller, MvcAction action);
public override string TryResolve(string currentRoute, MvcController controller, MvcAction action) => _func(currentRoute, controller, action);
public override string TryResolve(string currentRoute, MvcController controller, MvcAction action)
{
var apiVersionAttr = controller.NamedType.Attributes.LastOrDefault(attr => attr.AttributeType.FullName == _attrTypeFullName);
if (apiVersionAttr == null)
{
return(currentRoute);
}
// TODO: can override on action... but eh for now
string version = apiVersionAttr.ConstructorArguments[0].ToString();
return(s_apiVersionToken.Replace(currentRoute, version));
}
public override bool Evaluate(MvcAction action) => true;
private IEnumerable <MvcActionParameter> GetSimpleQueryParams(MvcAction action) => action.ActionParameters.Where(p => p.BindingType == ActionParameterSourceType.Query && p.Types.Any(t => !t.IsComplexType()));
private static void CompileActionImport(ImportManager imports, ControllerContext context, MvcAction actionInfo)
{
FetchFunctionDescriptor fetchDescriptor = context.FetchFunctionResolver.Resolve(actionInfo.RequestMethod.Name);
string funcKey = "fetch-" + fetchDescriptor.FetchModulePath;
if (!imports.ContainsImportPath(funcKey))
{
imports.AddImport(funcKey, new ImportStatement(context.OutputPath, fetchDescriptor.FetchModulePath, false));
}
ImportStatement ajaxImport = imports.GetImportAtPath(funcKey);
ajaxImport.AddItem(fetchDescriptor.FunctionName);
AddActionImports(imports, actionInfo);
TryAddAdditionalImports(imports, context, fetchDescriptor.AdditionalImports);
}
private bool HasAnyQueryParmeter(MvcAction action) => _constantQueryParams.Count > 0 || action.ActionParameters.Any(p => p.BindingType == ActionParameterSourceType.Query);
public string ResolveParameter(MvcAction action) => _parameter.Name;
public string ResolveParameter(MvcAction action) => $"\"{action.RequestMethod.MethodName}\"";
public MvcActionTester(ControllerContext context, MvcAction method, TypeFormatter typeFormatter)
{
_context = context;
_method = method;
_typeFormatter = typeFormatter;
}
/// <summary>
/// Evaluates the action for whether it should be included
/// </summary>
/// <param name="action">The action</param>
/// <returns>True if it should be included</returns>
public override bool Evaluate(MvcAction action)
{
return(action.Attributes.Any(attr => _attributeFilter.Matches(attr.AttributeType)));
}
public List <MvcRole> GetRolesByAction(MvcAction mvcAction)
{
return(RoleManagerBso.GetRolesByAction(mvcAction));
}
private bool HasAnyComplexQueryParmeter(MvcAction action) => GetComplexQueryParams(action).Any();
private MvcActionTextTemplate CreateTemplateForAction(MvcAction action) => new MvcActionTextTemplate(action, _scriptExtensions, _context.FetchFunctionResolver.Resolve(action.RequestMethod.Name), _formatter);
/// <summary> /// Evaluates the action for whether it should be included /// </summary> /// <param name="action">The action</param> /// <returns>True if it should be included</returns> public abstract bool Evaluate(MvcAction action);
