コード例 #1
0
 /// <summary>
 /// Returns true if <paramref name="operationType"/> on <paramref name="entity"/> is allowed.
 /// </summary>
 public bool IsAuthorized(TEntity entity, OcDataOperationType operationType)
 {
     if (AuthorizationService == null)
     {
         return(true);
     }
     return(AuthorizationService.IsAuthorized(entity, Request, ResourceName, operationType));
 }
コード例 #2
0
        /// <summary>
        /// Applies logic specific to the <paramref name="operationType"/> on the passed in <paramref name="entities"/>.
        /// Any messages generated during the process will be added to the <see cref="OcApiMessages"/> collection in  <see cref="OcLayerBase{TRequest}.Request"/>.
        /// Actions taken during processing will depend on the flags set in <see cref="OcLayerBase{TRequest}.Options"/>.
        /// </summary>
        /// <param name="entities">Collection of entities the operation is being performed on</param>
        /// <param name="operationType">Indicates the type of data operation being performed</param>
        /// <returns>Returns true if all operations and configured validation were performed successful, false otherwise.</returns>
        protected virtual bool ApplyLogic(IEnumerable <TEntity> entities, OcDataOperationType operationType)
        {
            Debug.Assert(entities != null);

            bool success;

            if (operationType == OcDataOperationType.Read)
            {
                success = false;  // Only successful if at least one record passes and can be returned.
                foreach (var entity in entities)
                {
                    success = success || ApplyLogic(entity, OcDataOperationType.Read);
                }
            }
            else
            {
                success = true;  // Successful if all operations processing succeeds.  If any step in processing fails abort the entire request.
                foreach (var entity in entities)
                {
                    success = success && ApplyLogic(entity, operationType);
                }
            }
            return(success);
        }
コード例 #3
0
 => true;      // Its an example, allow everything
 public bool IsAuthorized <TEntity>(TEntity entity, IMyRequest request, string resourceName, OcDataOperationType operationType)
 => true;      // Its an example, allow everything
コード例 #4
0
        /// <summary>
        /// Applies logic specific to the <paramref name="operationType"/> on the passed in <paramref name="entity"/>.
        /// Any messages generated during the process will be added to the <see cref="OcApiMessages"/> collection in  <see cref="OcLayerBase{TRequest}.Request"/>.
        /// Actions taken during processing will depend on the flags set in <see cref="OcLayerBase{TRequest}.Options"/>.
        /// </summary>
        /// <param name="entity">Entity which is having the operation performed on it</param>
        /// <param name="operationType">Indicates the type of data operation being performed</param>
        /// <returns>Returns true if the operation was completed successfully, false otherwise.</returns>
        protected virtual bool ApplyLogic([NotNull] TEntity entity, OcDataOperationType operationType)
        {
            Debug.Assert(entity != null);

            // Handle Read operations
            if (operationType == OcDataOperationType.Read)
            {
                // Authorization
                if (Options.HasFlag(OcRequestOptions.ExcludeUnauthorized) && !IsAuthorized(entity, OcDataOperationType.Read))
                {
                    if (Options.HasFlag(OcRequestOptions.MessageUnauthorized))
                    {
                        ResponseMessageAdd(OcApiMessageType.NotificationSystem, $"Excluding {EntityStatusSummary(entity)} in {ResourceName} because the user is not authorized");
                    }
                    return(false);
                }
                // Deleted
                if (Options.HasFlag(OcRequestOptions.ExcludeInactive) && EntityIsInactive(entity))
                {
                    if (Options.HasFlag(OcRequestOptions.MessageExcluded))
                    {
                        ResponseMessageAdd(OcApiMessageType.NotificationSystem, $"Excluding {EntityStatusSummary(entity)} in {ResourceName} because it is marked as inactive");
                    }
                    return(false);
                }
                // Execute read and return success
                return(ApplyReadLogic(entity));
            }

            // Authorization
            if (!IsAuthorized(entity, operationType))
            {
                ResponseMessageAdd(OcApiMessageType.AuthorizationFailure, $"{operationType} of {EntityStatusSummary(entity)} in {ResourceName} not performed because the user is not authorized");
                return(false);
            }

            // Perform operation
            bool success;

            switch (operationType)
            {
            case OcDataOperationType.Create:
                success = ApplyCreateLogic(entity);
                break;

            case OcDataOperationType.Update:
                success = ApplyUpdateLogic(entity);
                break;

            case OcDataOperationType.Delete:
                success = ApplyDeleteLogic(entity);
                break;

            case OcDataOperationType.Other:
                success = ApplyOtherLogic(entity);
                break;

            default:
                throw new ArgumentOutOfRangeException(nameof(operationType), operationType, null);
            }
            if (!success)
            {
                if (Options.HasFlag(OcRequestOptions.VerboseMessages))
                {
                    ResponseMessageAdd(OcApiMessageType.ValidationFailure, $"{operationType} of {EntityStatusSummary(entity)} in {ResourceName} failed during processing");
                }
                return(false);
            }

            // Validation
            if (Options.HasFlag(OcRequestOptions.ValidateEntities) && IsValid(entity) == false)
            {
                if (!ResponseMessagesHas(OcApiMessageType.ValidationFailure) || Options.HasFlag(OcRequestOptions.VerboseMessages))
                {
                    ResponseMessageAdd(OcApiMessageType.ValidationFailure, $"{operationType} of {EntityStatusSummary(entity)} in {ResourceName} not performed because the entity failed validation");
                }
                return(false);
            }

            return(true);
        }