public dynamic GeneralAccessChainValidation( IRequest Request, MemberInfo Type, ModelAction ModelAction, HttpRequestMethod RequestMethod, TRelation RelationType, object ModelItself, object TypeValue = null, bool DefaultPolicy = false) { var typeName = Type.GetType().GetProperty("Name").GetValue(Type) as string; var modelPermissions = Type.GetCustomAttributes <ModelPermissionAttribute> (); var requirements = modelPermissions .AsParallel() .Where(requirement => requirement.ModelAction == ModelAction && requirement.RequestMethod == RequestMethod) .ToList(); if (requirements != null && requirements.Count > 0) { foreach (var requirement in requirements) { var validation = APIUtils.InvokeMethod( requirement.AccessChainResolver, "Validate", new object[] { DbContext, RequesterID, Request, ModelItself, typeName, TypeValue, ModelAction, RequestMethod, RelationType }); if (!(validation is bool && (bool)validation)) { return("Requirement validation with name { " + requirement.AccessChainResolver.Name + " } has been failed with result { " + validation + " }"); } } } else if (DefaultPolicy == false) { return("Requested action { " + ModelAction + " } is not valid for request method { " + RequestMethod + " }, or this action is not valid for this type { " + typeName + " } at all"); } return(true); }
private void ResolveRelationDependency( object model, string requesterID, IRequest request, IRequest relatedRequest, TRelation intractionType, HttpRequestMethod httpRequestMethod) { var propertyList = model.GetType() .GetProperties() .Where(property => property.IsDefined(typeof(RelationDependentValueAttribute), true)) .ToList(); var updateModel = false; foreach (var item in propertyList) { var attribute = item.GetCustomAttribute <RelationDependentValueAttribute> (); var relationDependentResolver = httpRequestMethod == HttpRequestMethod.Post ? attribute.OnRelationCreated : attribute.OnReleationDeleted; var result = APIUtils.InvokeMethod( relationDependentResolver, "OnRelationEvent", new object[] { dbContext, model, requesterID, request, relatedRequest, intractionType, httpRequestMethod }); if (result != null) { model = result; updateModel = true; } } if (updateModel) { dbContext.Update(model); } }
public dynamic ValidateRequest( HttpRequestMethod requestMethod, IRequest request, ModelAction requestedAction, TRelation relationType) { if (request == null || request.ResourceName == null || string.IsNullOrWhiteSpace(request.ResourceName)) { return("Request Error: Route parameters should not be empty"); } // Check ResourceName //* Check whether resource is exist or not? is direct access allowed or not? var resourceType = modelParser.GetResourceType(request.ResourceName); if (resourceType == null) { return("Requested resource {" + request.ResourceName + "} is not exist or direct access is not permitted"); } request.Temp_ResourceType = resourceType; if (requestedAction != ModelAction.Create) { if (request.IdentifierName == null || string.IsNullOrWhiteSpace(request.IdentifierName) || request.IdentifierValue == null || string.IsNullOrWhiteSpace(request.IdentifierValue)) { return("Request Error: Route parameters should not be empty"); } //* Check whether this identifier is exist or not for model var identifierValidator = (resourceType.GetCustomAttributes(typeof(IdentifierValidatorAttribute), true) as IdentifierValidatorAttribute[]) .Union( resourceType.GetProperties() .Where(property => property.IsDefined(typeof(IdentifierValidatorAttribute))) .Select(validator => validator.GetCustomAttribute(typeof(IdentifierValidatorAttribute), true) as IdentifierValidatorAttribute) ) .Where(validator => validator.PropertyName == request.IdentifierName) .FirstOrDefault(); if (identifierValidator == null || identifierValidator.Validator == null) { return("Requested model identifier does not exist or it's not permitted to use it as an identifier"); } var identifierValidation = APIUtils.InvokeMethod( identifierValidator.Validator, "Validate", new object[] { request.IdentifierValue }); if (!(identifierValidation is bool && (bool)identifierValidation)) { return("Request Error: The value {" + request.IdentifierValue + "} is not a valid value for identifier {" + request.IdentifierName + "}"); } } return(ModelValidation( Request: request, ModelType: resourceType, ModelAction: requestedAction, RequestMethod: requestMethod, RelationType: relationType)); }