Esempio n. 1
        /// <summary>
        /// Records a column reference as an <see cref="RbacSelectColumn"/> in <c>Columns</c>,
        /// splitting its multi-part identifier into schema, table alias and column name.
        /// </summary>
        /// <param name="node">Column reference whose identifier parts are read.</param>
        /// <exception cref="NotImplementedException">
        /// The identifier has a part count other than one, two or three.
        /// </exception>
        public override void ExplicitVisit(ColumnReferenceExpression node)
        {
            var selectColumn = new RbacSelectColumn();
            var parts = node.MultiPartIdentifier.Identifiers;

            switch (parts.Count)
            {
                case 1:
                    // Bare column name: attribute it to the visitor's current Table.
                    selectColumn.Name  = parts[0].Value;
                    selectColumn.Table = Table;
                    break;

                case 2:
                    // alias.column
                    selectColumn.Table.Alias = parts[0].Value;
                    selectColumn.Name        = parts[1].Value;
                    break;

                case 3:
                    // schema.alias.column
                    selectColumn.Table.Schema = parts[0].Value;
                    selectColumn.Table.Alias  = parts[1].Value;
                    selectColumn.Name         = parts[2].Value;
                    break;

                default:
                    // Refuse rather than record a column the permission logic cannot attribute to a table.
                    throw new NotImplementedException("unknown number of identifiers found in select statement, please report this issue!");
            }

            selectColumn.SetToken(node);
            Columns.Add(selectColumn);
        }
Esempio n. 2
        /// <summary>
        /// Appends a column with an empty alias to <c>Columns</c>.
        /// </summary>
        /// <param name="tableName">Name stored on the column's table.</param>
        /// <param name="columnName">Name stored on the column.</param>
        private void AddSelectColumn(string tableName, string columnName)
        {
            // Table = { ... } is a nested initializer: it sets Name on the Table
            // instance the new column already holds and does not replace it.
            var selectColumn = new RbacSelectColumn
            {
                Alias = string.Empty,
                Name  = columnName,
                Table = { Name = tableName }
            };

            Columns.Add(selectColumn);
        }
Esempio n. 3
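        /// <summary>
        /// Resolves the columns and tables of <c>OriginalQuery</c> by asking SQL Server for the
        /// result-set schema, then expands every <c>*</c> in <c>ParsedQuery</c> into the resolved column list.
        /// </summary>
        /// <returns>
        /// <c>true</c> when the schema was read and every base table was found in the role's
        /// CRUD permissions; <c>false</c> when anything failed, with the message appended to <c>Errors</c>.
        /// </returns>
        public bool ParseUsingSqlCommand()
        {
            if (TablesReferred == null)
            {
                TablesReferred = new List<RbacTable>();
            }
            else
            {
                TablesReferred.Clear();
            }

            try
            {
                using (SqlConnection connection = new SqlConnection(Context.ConnectionString))
                {
                    connection.Open();

                    // NOTE(review): OriginalQuery is sent to the server before any permission has been
                    // applied to it. CommandBehavior.KeyInfo alone does not request schema-only
                    // execution, so the statement is presumably run under the connection's identity;
                    // confirm whether CommandBehavior.SchemaOnly | CommandBehavior.KeyInfo is viable here.
                    // The command and reader are disposed explicitly; the original left both to the GC.
                    using (SqlCommand command = new SqlCommand(OriginalQuery, connection))
                    using (SqlDataReader reader = command.ExecuteReader(CommandBehavior.KeyInfo))
                    {
                        DataTable schemaTable = reader.GetSchemaTable();
                        foreach (DataRow row in schemaTable.Rows)
                        {
                            RbacSelectColumn column = new RbacSelectColumn();
                            column.Alias      = row["ColumnName"].ToString();
                            column.Name       = row["BaseColumnName"].ToString();
                            column.Table.Name = row["BaseTableName"].ToString();
                            Columns.Add(column);

                            // Fail closed: a base table with no entry in the role's permissions aborts the parse.
                            RbacTable table = Context.User.Role.CrudPermissions.Find(column.Table.Name);
                            if (table != null)
                            {
                                TablesReferred.Add(table);
                            }
                            else
                            {
                                throw new Exception(string.Format("The referred table {0} was not found in meta data!", row["BaseTableName"].ToString()));
                            }
                        }
                    }

                    TablesReferred = new List<RbacTable>(TablesReferred.DistinctBy(t => t.Name));

                    // No explicit Close(): leaving the using block disposes the connection.
                }

                ParsedMethod = RbacSelectQueryParsedMethods.CommandBehavior;

                // NOTE(review): this replaces every '*' in the text, not only the select-list wildcard
                // (count(*), multiplication and '*' inside string literals or comments are rewritten too).
                ParsedQuery  = ParsedQuery.Replace("*", Columns.ToCommaSeparatedString());
                IsParsed     = true;
                return true;
            }
            catch (Exception ex)
            {
                // Deliberate best effort: the failure is reported through Errors and the false return.
                // Columns and TablesReferred may hold partial results at this point.
                Errors.Add(ex.Message);
            }

            return false;
        }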
Esempio n. 4
        /// <summary>
        /// Strips <paramref name="column"/> from the select list of <c>ParsedQuery</c> and stores the rewritten text.
        /// </summary>
        /// <param name="column">Column to remove from the query.</param>
        private void RemoveColumnFromSelect(RbacSelectColumn column)
        {
            var remover = new SelectColumnRemover(ParsedQuery, column);
            ParsedQuery = remover.Remove();

            if (IsSilent == false)
            {
                // Removing the last permitted column leaves nothing to select.
                // In silent mode this condition is not reported.
                if (remover.IsZeroSelectColumn)
                {
                    RbacException.Raise("The query returned 0(zero) column!");
                }
            }
        }
Esempio n. 5
        /// <summary>
        /// Splits <paramref name="query"/> into the select-list part and the remainder, cutting at the
        /// first " into" or, when there is none, at the first "from" (case-insensitive).
        /// </summary>
        /// <param name="query">Query text to split.</param>
        /// <param name="column">Column this remover is created for; stored in <c>Column</c>.</param>
        public SelectColumnRemover(string query, RbacSelectColumn column)
        {
            Query  = query;
            Column = column;

            // NOTE(review): both searches are plain substring matches on the raw text, so an
            // "into"/"from" inside an identifier (e.g. a column named FromDate), a string literal or
            // a comment is taken as the split point. Since the error message says this enforces
            // permissions on select columns, a token-based split would be safer - confirm with callers.
            int splitAt = Query.IndexOf(" into", StringComparison.OrdinalIgnoreCase);
            if (splitAt < 0)
            {
                splitAt = Query.IndexOf("from", StringComparison.OrdinalIgnoreCase);
                if (splitAt < 0)
                {
                    // Presumably Raise throws; if it returned, the Substring call below would
                    // fail with ArgumentOutOfRangeException on the negative length.
                    RbacException.Raise("Something went wrong while applying permission on select columns, no 'into' or 'from' statement found in the query");
                }
            }

            SelectStatement = Query.Substring(0, splitAt);
            OtherStatement  = " " + Query.Substring(splitAt);
        }
Esempio n. 6
        /// <summary>
        /// Records the column assigned by a SET clause as an <see cref="RbacSelectColumn"/> in <c>Columns</c>.
        /// </summary>
        /// <param name="assignSetClause">SET clause whose target column identifier is read.</param>
        public override void ExplicitVisit(AssignmentSetClause assignSetClause)
        {
            var target = new RbacSelectColumn();

            if (!string.IsNullOrEmpty(TableName))
            {
                target.Table.Name = TableName;
            }

            var parts = assignSetClause.Column.MultiPartIdentifier.Identifiers;
            switch (parts.Count)
            {
                case 1:
                    target.Name = parts[0].Value;
                    break;

                case 2:
                    // alias.column
                    target.Table.Alias = parts[0].Value;
                    target.Name        = parts[1].Value;
                    break;

                // NOTE(review): any other part count falls through and the column is still added,
                // with Name never assigned here. If Columns drives a permission check, such a
                // target would not be matched by name - confirm whether this should throw instead.
            }

            Columns.Add(target);
        }
Esempio n. 7
        /// <summary>
        /// Expands a <c>*</c> select element: looks the table up in the role's CRUD permissions,
        /// adds one <see cref="RbacSelectColumn"/> per column of that table to <c>Columns</c>, and
        /// rewrites the star in the query text into the explicit column list (stored in <c>ParsedQuery</c>).
        /// </summary>
        /// <param name="node">The star expression, optionally qualified (<c>a.*</c>).</param>
        public override void ExplicitVisit(SelectStarExpression node)
        {
            var tokens = node.ScriptTokenStream;
            string query = string.Join(string.Empty, tokens.Select(t => t.Text));

            string tableNameOrAlias = string.Empty;
            bool hasIdentifier = node.Qualifier != null;

            if (hasIdentifier)
            {
                tableNameOrAlias = node.Qualifier.Identifiers[0].Value;
            }
            else
            {
                // First FROM token in the stream; First() throws InvalidOperationException when there is none.
                int fromPos = tokens
                    .Select((tok, i) => tok.TokenType == TSqlTokenType.From ? i : -1)
                    .First(i => i >= 0);

                // The table is read two tokens after FROM (presumably skipping one whitespace token).
                // NOTE(review): only this first table is considered; confirm behaviour for joins.
                tableNameOrAlias = tokens[fromPos + 2].Text;

                int aliasPos = fromPos + 4;
                if (tokens.Count > aliasPos && tokens[aliasPos].TokenType == TSqlTokenType.Identifier)
                {
                    // e.g. 'select * from Author a' yields 'a'
                    tableNameOrAlias = tokens[aliasPos].Text;
                }
            }

            bool isAlias = false;
            RbacTable table = Context.User.Role.CrudPermissions.Find(tableNameOrAlias, ref isAlias);

            if (table == null)
            {
                RbacException.Raise(string.Format("The referred table {0} was not found in meta data!", tableNameOrAlias),
                                    RbacExceptionCategories.Parser);
                return;
            }

            foreach (RbacColumn permittedColumn in table.Columns)
            {
                var selectColumn = new RbacSelectColumn();
                if (isAlias)
                {
                    selectColumn.Table.Alias = tableNameOrAlias;
                    selectColumn.Table.Name  = table.Name;
                }
                else
                {
                    selectColumn.Table.Name = tableNameOrAlias;
                }

                // NOTE(review): this replaces the Table object whose Alias/Name were just set above,
                // so those values do not survive on the added column - confirm that is intended.
                selectColumn.Table = table;
                selectColumn.Name  = permittedColumn.Name;
                Columns.Add(selectColumn);
            }

            // A qualified star on an alias is replaced as "alias.*"; otherwise every '*' in the text
            // is replaced, which also hits count(*), multiplication and '*' in literals or comments.
            string starText = (isAlias && hasIdentifier) ? tableNameOrAlias + ".*" : "*";
            ParsedQuery = query.Replace(starText, table.Columns.ToCommaSeparatedString(tableNameOrAlias));
        }