public virtual async Task <IActionResult> OnUpdateAsync(SecurityFilterContext <T> context) { if (!await CanUpdateAsync(context)) { return(Unauthorized(context)); } return(null); }
public virtual async Task <IActionResult> OnReadAsync(SecurityFilterContext <T> context) { if (!await CanReadAsync(context)) { return(NotFound(context)); } return(null); }
protected async Task <IActionResult> ApplySecurityFiltersAsync <T>( ActionExecutingContext context, T patchEntity) where T : class { if (context.HttpContext.Items.ContainsKey(HttpKey)) { return(null); } context.HttpContext.Items.Add(HttpKey, true); var controller = context.Controller as IODataCrudController <T>; if (controller == null) { throw DoesNotImplementException(context.Controller, typeof(IODataCrudController <T>)); } IActionResult result = null; SecurityFilters = SecurityFilterTypes? .Select(sft => ActivatorUtilities.CreateInstance(context.HttpContext.RequestServices, sft)) .Cast <ISecurityFilter>() .ToArray(); var localSecurityFilters = await ResolveSecurityFiltersForRequestAsync(context, patchEntity) ?? new ISecurityFilter[] { }; var localSecurityFilters2 = await ResolveLocalSecurityFiltersAsync() ?? new ISecurityFilter[] { }; var securityFilters = localSecurityFilters.Concat(localSecurityFilters2).ToArray(); if (securityFilters.Any()) { foreach (var securityFilter in securityFilters) { var entityById = default(T); var hasId = false; if (CheckId && securityFilter.CheckId) { entityById = (T)controller.TryGetModelFromId(context, out hasId); } var securityFilterContext = new SecurityFilterContext <T>(entityById ?? patchEntity, context, context.HttpContext, context.Controller as Controller, hasId); if (!await securityFilter.CanUseAsync(securityFilterContext)) { continue; } if (CheckId && hasId && entityById == null) { result = await securityFilter.OnNotFoundAsync(securityFilterContext); } else { switch (context.HttpContext.Request.Method) { case "GET": result = await securityFilter.OnReadAsync(securityFilterContext); break; case "POST": result = await securityFilter.OnCreateAsync(securityFilterContext); break; case "PATCH": case "PUT": result = await securityFilter.OnUpdateAsync(securityFilterContext); break; case "DELETE": result = await securityFilter.OnDeleteAsync(securityFilterContext); break; } } } } return(result); }
protected override Task <bool> CanEditAsync(SecurityFilterContext <T> context) { return(Task.FromResult(true)); }
public override Task <bool> CanReadAsync(SecurityFilterContext <T> context) { return(Task.FromResult(false)); }
Task <bool> ISecurityFilter.CanDeleteAsync(SecurityFilterContext context) { return(CanCreateAsync((SecurityFilterContext <T>)context)); }
Task <bool> ISecurityFilter.CanReadAsync(SecurityFilterContext context) { return(CanReadAsync((SecurityFilterContext <T>)context)); }
protected virtual StatusCodeResult NotFound(SecurityFilterContext <T> context) { return(context.Controller.NotFound()); }
protected virtual StatusCodeResult Unauthorized(SecurityFilterContext <T> context) { return(context.Controller.Unauthorized()); }
public Task <IActionResult> OnNotFoundAsync(SecurityFilterContext <T> context) { return(Task.FromResult <IActionResult>(context.Controller.NotFound())); }
public virtual Task <bool> CanUpdateAsync(SecurityFilterContext <T> context) { return(CanEditAsync(context)); }
public virtual Task <bool> CanReadAsync(SecurityFilterContext <T> context) { return(Task.FromResult(true)); }
protected abstract Task <bool> CanEditAsync(SecurityFilterContext <T> context);
Task <IActionResult> ISecurityFilter.OnNotFoundAsync(SecurityFilterContext context) { return(OnNotFoundAsync((SecurityFilterContext <T>)context)); }