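/// <summary>
/// Returns the products matching <paramref name="predicateObject"/> together with
/// the total match count, wrapped in a paged response.
/// </summary>
/// <param name="predicateObject">
/// Client-supplied description of the query. It is passed unchanged to
/// <c>viewModel.GetProducts</c> and <c>viewModel.GetProductCount</c>.
/// </param>
/// <returns>
/// On success, a response whose <c>Data</c> and <c>Total</c> come from the view model.
/// On failure, a response with empty <c>Data</c>, <c>Total</c> of 0 and an <c>Error</c>
/// string holding a generic message plus a reference id; exception details are
/// written to the trace log only.
/// </returns>
public PagedResponse<ListProduct> GetProducts(PredicateObject predicateObject)
{
    try
    {
        // Design notes (original author):
        // - The client sends a stringified JSON object; a factory (in C# and in Angular 2)
        //   builds the predicate set and the SQL query, giving a dynamic query driven by
        //   the property types of the target object.
        // - Reflection is used to ensure conditional values are of the expected types and
        //   that wheres and orderbys point to real properties of the object, so that
        //   "Little Bobby Tables" input (string checks, ";drop tables") causes no issues.
        // - This will be the first public version of that API; the previous version had
        //   0 vulnerabilities in penetration testing.
        // - Will use RowNumber-based SQL selects.
        // - Handled by Entity: Insert<T>(Object), Update<T>(Object), Delete<T>(ObjectId).
        // - Accepts the predicate object: Get[Object](), Get[Object]s(), Get[Object]Count().
        // - This only handles very simple joins.
        // - Predicate object property creation needs filters and cleans.
        // - This is the simplest case; the where will have to be extended for each filter type.
        // - Still leaning towards a dynamic SQL command using RowNumber and safe scripts.
        // - On this rebuild, also add a front-end string[] for each property to be returned
        //   from the full list (can clean up partial class selection).
        // - Working on matching the Breeze API again, but for RxJs.
        //
        // Breeze client-side code being matched:
        //   return breeze.EntityQuery.from('TodoLists')
        //       .select('name','id','propertyA', ...)
        //       .where('Title', 'startsWith', 'T')
        //       .take(3).orderBy('title')
        //       .using(manager).execute()
        //       .then(success).catch(failure)
        //
        // NOTE(review): nothing in this method validates predicateObject. The injection
        // safety described above rests entirely on the predicate factory / view model,
        // which is not visible here - confirm that property names and operators are
        // checked against an allow-list and that values are bound as SQL parameters
        // rather than filtered by string checks.
        //
        // NOTE(review): Data appears to be an IQueryable (the failure path assigns
        // AsQueryable()). If the view model returns a deferred query, enumeration errors
        // surface after this method returns and bypass the catch below - confirm.
        return new PagedResponse<ListProduct>()
        {
            Data = viewModel.GetProducts(predicateObject),
            Total = viewModel.GetProductCount(predicateObject)
        };
    }
    catch (Exception ex)
    {
        // The exception message and stack trace are kept out of the response: on a
        // dynamic-query endpoint they can disclose SQL fragments, schema names and
        // internal type/file layout to the caller. The reference id lets support
        // match a client report to the server-side log entry.
        var errorId = Guid.NewGuid().ToString("N");

        // TODO UIService for error handling and logging - replace this trace call
        // once that service exists.
        System.Diagnostics.Trace.TraceError("GetProducts failed [" + errorId + "]: " + ex);

        return new PagedResponse<ListProduct>()
        {
            Data = new List<ListProduct>().AsQueryable(),
            Total = 0,
            Error = "An error occurred while retrieving products. Reference: " + errorId
        };
    }
}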