Esempio n. 1
        /// <summary>
        /// Builds the final SQL text for <paramref name="type"/>: loads the full query text,
        /// adds conditions derived from <paramref name="parameters"/>, then fills the
        /// composite-format placeholders with <paramref name="formatParams"/>.
        /// </summary>
        /// <remarks>
        /// SECURITY: despite the method name, <paramref name="formatParams"/> are spliced into the SQL
        /// text with <see cref="string.Format(string, object[])"/>; they are not bound as database
        /// parameters. Values that originate from user input must be validated or bound by the caller,
        /// otherwise the resulting text is open to SQL injection.
        /// NOTE(review): how AddConditionsToQueryText handles the values in <paramref name="parameters"/>
        /// is not visible here; confirm it emits placeholders rather than inline values.
        /// </remarks>
        /// <param name="type">Model type whose query text is looked up.</param>
        /// <param name="parameters">Optional condition values passed to AddConditionsToQueryText.</param>
        /// <param name="addCount">Forwarded to GetFullQueryTextAsync.</param>
        /// <param name="rights">Optional user rights forwarded to GetFullQueryTextAsync.</param>
        /// <param name="formatParams">Positional values for the <c>{0}</c>, <c>{1}</c>, ... placeholders.</param>
        /// <returns>The formatted SQL text.</returns>
        /// <exception cref="FormatException">
        /// Thrown by <c>string.Format</c> when the query text contains unescaped braces or refers to a
        /// placeholder index that <paramref name="formatParams"/> does not supply.
        /// </exception>
        public async Task <string> GetParameterizedQueryStringAsync(Type type,
                                                                    IDictionary <string, string> parameters = null,
                                                                    bool addCount = false,
                                                                    UserApplicationRights rights = null,
                                                                    params object[] formatParams)
        {
            var baseQuery = await GetFullQueryTextAsync(type, addCount, rights);
            var template = AddConditionsToQueryText(type, baseQuery, parameters);

            // Textual substitution only: every value ends up inside the SQL string itself.
            var formatted = string.Format(template, formatParams);
            return formatted;
        }
Esempio n. 2
        /// <summary>
        /// Normalizes <paramref name="queryString"/>, optionally adds the record count, and appends
        /// the row-level-security conditions for <paramref name="rights"/> when there are any.
        /// </summary>
        /// <param name="queryString">Raw SQL text for <paramref name="type"/>.</param>
        /// <param name="type">Model type the rights are evaluated for.</param>
        /// <param name="addCount">When true the normalized text is passed through AddRecordCountToQueryText.</param>
        /// <param name="rights">User rights; when null no security condition is appended.</param>
        /// <returns>The assembled SQL text.</returns>
        private string GetFullQueryTextInternal(string queryString, Type type, bool addCount = false, UserApplicationRights rights = null)
        {
            var normalized = NormalizeSqlQueryText(queryString);
            var fullText = addCount ? AddRecordCountToQueryText(normalized) : normalized;

            // SECURITY: a null rights object means the query runs without any row-level filter.
            if (rights == null)
            {
                return(fullText);
            }

            var rlsConditions = GetRightsQueryString(type, rights);
            if (string.IsNullOrEmpty(rlsConditions))
            {
                return(fullText);
            }

            // NOTE(review): appending with " and " presumes the text already ends inside a WHERE
            // clause (also after the count variant was applied); confirm for every stored query,
            // otherwise the filter yields invalid SQL or binds to the wrong clause.
            return(fullText + $" and {rlsConditions}");
        }
Esempio n. 3
        /// <summary>
        /// Asynchronously loads the SQL text registered for <paramref name="type"/> and returns it
        /// with the optional record count and row-level-security conditions applied.
        /// </summary>
        /// <param name="type">Model type whose SQL text is loaded via GetSqlTextAsync.</param>
        /// <param name="addCount">Forwarded to GetFullQueryTextInternal.</param>
        /// <param name="rights">Forwarded to GetFullQueryTextInternal; null applies no rights filter.</param>
        /// <returns>The assembled SQL text.</returns>
        public async Task <string> GetFullQueryTextAsync(Type type, bool addCount = false, UserApplicationRights rights = null)
        {
            var rawSql = await GetSqlTextAsync(type);
            var fullText = GetFullQueryTextInternal(rawSql, type, addCount, rights);

            return(fullText);
        }
Esempio n. 4
        /// <summary>
        /// Synchronous counterpart of GetFullQueryTextAsync: loads the SQL text registered for
        /// <paramref name="type"/> and applies the optional record count and rights conditions.
        /// </summary>
        /// <param name="type">Model type whose SQL text is loaded via GetSqlText.</param>
        /// <param name="addCount">Forwarded to GetFullQueryTextInternal.</param>
        /// <param name="rights">Forwarded to GetFullQueryTextInternal; null applies no rights filter.</param>
        /// <returns>The assembled SQL text.</returns>
        public string GetFullQueryText(Type type, bool addCount = false, UserApplicationRights rights = null)
            => GetFullQueryTextInternal(GetSqlText(type), type, addCount, rights);
Esempio n. 5
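        /// <summary>
        /// Builds the row-level-security conditions for <paramref name="type"/> that are appended to
        /// a SQL query's "where" clause. Each restricted field contributes one
        /// <c>field in (...)</c> or <c>field not in (...)</c> condition; conditions are joined with
        /// <c>" and "</c>.
        /// </summary>
        /// <remarks>
        /// SECURITY: the result is SQL text, not a bound-parameter query. Entity ids are emitted as
        /// quoted literals with embedded single quotes doubled; this covers standard SQL string
        /// literals, but bound parameters remain the safer option if ids can ever be free-form text
        /// or the target dialect honours backslash escapes. Field names come from
        /// <c>right.Name</c> and are written unquoted, so they must never be user-controlled.
        /// </remarks>
        /// <exception cref="NoRightsException">If user doesn't have permission at all</exception>
        /// <param name="type">Model type whose field-level rights are evaluated.</param>
        /// <param name="rights">Rights of the current user; must not be null.</param>
        /// <returns>The combined condition text, or an empty string when no field restricts access.</returns>
        public string GetRightsQueryString(Type type, UserApplicationRights rights)
        {
            var conditions = new System.Collections.Generic.List<string>();

            foreach (var right in rights.GetTypeFieldsRlsRights(type))
            {
                if (right.PermissionType == RowLevelModelPermissionType.No)
                {
                    // this should never happen because such restriction will be resolved when entire entity is checked
                    throw new NoRightsException($"Access to {type.Name} is denied by field {right.Name}");
                }

                var isSpecified = right.PermissionType == RowLevelModelPermissionType.Specified;
                var isExcept = right.PermissionType == RowLevelModelPermissionType.Except;
                if (!isSpecified && !isExcept)
                {
                    // RowLevelModelPermissionType.All adds no restriction.
                    // NOTE(review): any other, unrecognized permission type also lands here and is
                    // treated as unrestricted; confirm that failing open is intended.
                    continue;
                }

                var quotedIds = new System.Collections.Generic.List<string>();
                foreach (var id in right.Entities)
                {
                    // Double embedded single quotes so an id cannot terminate its own literal.
                    quotedIds.Add("'" + id.ToString().Replace("'", "''") + "'");
                }

                var fieldName = right.Name;
                if (_useSnakeCase)
                {
                    fieldName = fieldName.ToSnakeCase();
                }

                // Without an alias the bare field name is used; previously the field name was
                // dropped entirely in that case, which produced a condition with no column.
                var column = string.IsNullOrEmpty(_queryAlias) ? fieldName : _queryAlias + "." + fieldName;

                if (quotedIds.Count == 0)
                {
                    // An empty list used to yield the invalid fragments "in " / "not in ".
                    if (isSpecified)
                    {
                        // Nothing is permitted for this field: fail closed with an always-false condition.
                        conditions.Add("1 = 0");
                    }

                    // NOTE(review): an empty Except list is read as "nothing excluded" and adds no
                    // condition; confirm an empty list cannot result from a failed rights load.
                    continue;
                }

                var keyword = isSpecified ? "in" : "not in";
                conditions.Add(column + " " + keyword + " (" + string.Join(", ", quotedIds) + ")");
            }

            return(string.Join(" and ", conditions));
        }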