/// <summary>
/// Builds the final SQL text for <paramref name="type"/>: loads the full query text,
/// lets <c>AddConditionsToQueryText</c> extend it from <paramref name="parameters"/>,
/// and finally runs the result through <see cref="string.Format(string, object[])"/>
/// with <paramref name="formatParams"/>.
/// </summary>
/// <remarks>
/// Security note: <paramref name="formatParams"/> are substituted into the SQL text itself;
/// this method does not bind them as database parameters. Callers should pass only trusted,
/// already-validated values here and bind user-supplied values through the data-access layer.
/// Because the assembled text is used as a composite format string, any literal '{' or '}'
/// in it is interpreted as a format item.
/// </remarks>
/// <param name="type">Type whose SQL text is loaded.</param>
/// <param name="parameters">Passed to <c>AddConditionsToQueryText</c>; may be null.</param>
/// <param name="addCount">Forwarded to <c>GetFullQueryTextAsync</c>.</param>
/// <param name="rights">Forwarded to <c>GetFullQueryTextAsync</c>; may be null.</param>
/// <param name="formatParams">Values for the format items in the assembled query text.</param>
/// <returns>The formatted query text.</returns>
public async Task<string> GetParameterizedQueryStringAsync(Type type, IDictionary<string, string> parameters = null, bool addCount = false, UserApplicationRights rights = null, params object[] formatParams)
{
    var baseQuery = await GetFullQueryTextAsync(type, addCount, rights);
    var queryWithConditions = AddConditionsToQueryText(type, baseQuery, parameters);

    // Plain text substitution, not parameter binding (see remarks).
    return string.Format(queryWithConditions, formatParams);
}
/// <summary>
/// Shared tail of <c>GetFullQueryText</c> / <c>GetFullQueryTextAsync</c>: normalizes the raw
/// SQL text, optionally wraps it with a record count, and appends the row-level rights
/// conditions when <paramref name="rights"/> is supplied.
/// </summary>
/// <param name="queryString">Raw SQL text to process.</param>
/// <param name="type">Type used to look up the rights conditions.</param>
/// <param name="addCount">When true, the normalized text goes through <c>AddRecordCountToQueryText</c>.</param>
/// <param name="rights">User rights; when null no rights condition is appended.</param>
/// <returns>The processed query text.</returns>
private string GetFullQueryTextInternal(string queryString, Type type, bool addCount = false, UserApplicationRights rights = null)
{
    var normalized = NormalizeSqlQueryText(queryString);
    var fullText = addCount ? AddRecordCountToQueryText(normalized) : normalized;

    if (rights != null)
    {
        var rightsCondition = GetRightsQueryString(type, rights);
        if (!string.IsNullOrEmpty(rightsCondition))
        {
            // NOTE(review): appended with " and ", so this presumably relies on the query
            // text already ending in a where clause; confirm against the stored queries.
            fullText += " and " + rightsCondition;
        }
    }

    return fullText;
}
/// <summary>
/// Asynchronously loads the SQL text for <paramref name="type"/> and returns it after
/// processing by <c>GetFullQueryTextInternal</c>.
/// </summary>
/// <param name="type">Type whose SQL text is loaded.</param>
/// <param name="addCount">Forwarded to <c>GetFullQueryTextInternal</c>.</param>
/// <param name="rights">Forwarded to <c>GetFullQueryTextInternal</c>; may be null.</param>
/// <returns>The processed query text.</returns>
public async Task<string> GetFullQueryTextAsync(Type type, bool addCount = false, UserApplicationRights rights = null)
{
    return GetFullQueryTextInternal(await GetSqlTextAsync(type), type, addCount, rights);
}
/// <summary>
/// Synchronous counterpart of <c>GetFullQueryTextAsync</c>: loads the SQL text for
/// <paramref name="type"/> and returns it after processing by <c>GetFullQueryTextInternal</c>.
/// </summary>
/// <param name="type">Type whose SQL text is loaded.</param>
/// <param name="addCount">Forwarded to <c>GetFullQueryTextInternal</c>.</param>
/// <param name="rights">Forwarded to <c>GetFullQueryTextInternal</c>; may be null.</param>
/// <returns>The processed query text.</returns>
public string GetFullQueryText(Type type, bool addCount = false, UserApplicationRights rights = null)
    => GetFullQueryTextInternal(GetSqlText(type), type, addCount, rights);
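/// <summary>
/// Builds the row-level rights conditions for <paramref name="type"/> that are added to the
/// SQL query as part of its "where" clause. One condition is produced per field whose
/// permission is Specified or Except; the conditions are joined with " and ".
/// </summary>
/// <remarks>
/// The id values are embedded as quoted SQL literals, not bound as parameters. Single quotes
/// inside a value are doubled so a value cannot terminate its own literal.
/// NOTE(review): the returned text may later be used as a composite format string by callers
/// that call string.Format on the assembled query; confirm id values can never contain
/// '{' or '}'.
/// </remarks>
/// <exception cref="NoRightsException">If user doesn't have permission at all</exception>
/// <param name="type">Type whose field-level rights are read from <paramref name="rights"/>.</param>
/// <param name="rights">Rights of the current user; must not be null.</param>
/// <returns>The combined condition text, or an empty string when no field restricts access.</returns>
public string GetRightsQueryString(Type type, UserApplicationRights rights)
{
    var conditions = new List<string>();

    foreach (var right in rights.GetTypeFieldsRlsRights(type))
    {
        if (right.PermissionType == RowLevelModelPermissionType.No)
        {
            // this should never happen because such restriction will be resolved when entire entity is checked
            throw new NoRightsException($"Access to {type.Name} is denied by field {right.Name}");
        }

        var isSpecified = right.PermissionType == RowLevelModelPermissionType.Specified;
        var isExcept = right.PermissionType == RowLevelModelPermissionType.Except;
        if (!isSpecified && !isExcept)
        {
            // All (and any other permission type) adds no condition.
            continue;
        }

        var quotedIds = new List<string>();
        foreach (var id in right.Entities)
        {
            // Double embedded single quotes so the value stays inside its SQL literal.
            var literal = (id.ToString() ?? "").Replace("'", "''");
            quotedIds.Add("'" + literal + "'");
        }

        if (quotedIds.Count == 0)
        {
            // An empty list used to yield "field in " / "field not in ", which is invalid SQL.
            // "Specified" with nothing listed allows no rows, so fail closed with a false
            // predicate. "Except" with nothing listed excludes nothing, so no condition is
            // added. NOTE(review): confirm the Except case matches the permission model.
            if (isSpecified)
            {
                conditions.Add("1 = 0");
            }

            continue;
        }

        var fieldName = right.Name;
        if (_useSnakeCase)
        {
            fieldName = fieldName.ToSnakeCase();
        }

        // Fix: the field name was dropped whenever no alias was configured, because the
        // conditional expression covered the whole "alias.field" concatenation.
        var qualifiedField = string.IsNullOrEmpty(_queryAlias)
            ? fieldName
            : _queryAlias + "." + fieldName;

        var op = isSpecified ? "in " : "not in ";
        conditions.Add(qualifiedField + " " + op + "(" + string.Join(", ", quotedIds) + ")");
    }

    return string.Join(" and ", conditions);
}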