/// <summary> /// Validates a <see cref="TopQueryOption" />. /// </summary> /// <param name="selectExpandQueryOption">The $select and $expand query.</param> /// <param name="validationSettings">The validation settings.</param> public virtual void Validate(SelectExpandQueryOption selectExpandQueryOption, ODataValidationSettings validationSettings) { if (selectExpandQueryOption == null) { throw Error.ArgumentNull("selectExpandQueryOption"); } if (validationSettings == null) { throw Error.ArgumentNull("validationSettings"); } _orderByQueryValidator = new OrderByModelLimitationsValidator(selectExpandQueryOption.Context, _defaultQuerySettings.EnableOrderBy); _selectExpandQueryOption = selectExpandQueryOption; ValidateRestrictions(null, 0, selectExpandQueryOption.SelectExpandClause, null, validationSettings); if (validationSettings.MaxExpansionDepth > 0) { if (selectExpandQueryOption.LevelsMaxLiteralExpansionDepth < 0) { selectExpandQueryOption.LevelsMaxLiteralExpansionDepth = validationSettings.MaxExpansionDepth; } else if (selectExpandQueryOption.LevelsMaxLiteralExpansionDepth > validationSettings.MaxExpansionDepth) { throw new ODataException(Error.Format( SRResources.InvalidExpansionDepthValue, "LevelsMaxLiteralExpansionDepth", "MaxExpansionDepth")); } ValidateDepth(selectExpandQueryOption.SelectExpandClause, validationSettings.MaxExpansionDepth); } }
/// <summary> /// Validates an <see cref="OrderByQueryOption" />. /// </summary> /// <param name="orderByOption">The $orderby query.</param> /// <param name="validationSettings">The validation settings.</param> public virtual void Validate(OrderByQueryOption orderByOption, ODataValidationSettings validationSettings) { if (orderByOption == null) { throw Error.ArgumentNull("orderByOption"); } if (validationSettings == null) { throw Error.ArgumentNull("validationSettings"); } int nodeCount = 0; for (OrderByClause clause = orderByOption.OrderByClause; clause != null; clause = clause.ThenBy) { nodeCount++; if (nodeCount > validationSettings.MaxOrderByNodeCount) { throw new ODataException(Error.Format(SRResources.OrderByNodeCountExceeded, validationSettings.MaxOrderByNodeCount)); } } bool enableOrderBy = orderByOption.Context.DefaultQuerySettings.EnableOrderBy; OrderByModelLimitationsValidator validator = new OrderByModelLimitationsValidator(orderByOption.Context, enableOrderBy); bool explicitAllowedProperties = validationSettings.AllowedOrderByProperties.Count > 0; foreach (OrderByNode node in orderByOption.OrderByNodes) { string propertyName = null; OrderByPropertyNode propertyNode = node as OrderByPropertyNode; if (propertyNode != null) { propertyName = propertyNode.Property.Name; bool isValidPath = !validator.TryValidate(propertyNode.OrderByClause, explicitAllowedProperties); if (propertyName != null && isValidPath && explicitAllowedProperties) { // Explicit allowed properties were specified, but this one isn't within the list of allowed // properties. if (!IsAllowed(validationSettings, propertyName)) { throw new ODataException(Error.Format(SRResources.NotAllowedOrderByProperty, propertyName, "AllowedOrderByProperties")); } } else if (propertyName != null) { // The property wasn't limited but it wasn't contained in the set of explicitly allowed // properties. if (!IsAllowed(validationSettings, propertyName)) { throw new ODataException(Error.Format(SRResources.NotAllowedOrderByProperty, propertyName, "AllowedOrderByProperties")); } } } else { propertyName = "$it"; if (!IsAllowed(validationSettings, propertyName)) { throw new ODataException(Error.Format(SRResources.NotAllowedOrderByProperty, propertyName, "AllowedOrderByProperties")); } } } }