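/// <summary>
/// Parses and (optionally) executes an RBAC-filtered SQL query as the user/role named in the
/// request body, returning the parser/engine result or an error message in the response.
/// </summary>
/// <param name="request">RBAC instance name, user, role, query text and engine flags.</param>
/// <returns>
/// A response echoing UserName/RoleName/RbacName plus the engine result, or the error message
/// of whatever exception stopped the pipeline.
/// </returns>
/// <remarks>
/// SECURITY: UserName and RoleName are read straight from the request body and passed to the
/// Rbac context unchanged, and nothing in this method authenticates the caller. Unless the
/// hosting pipeline binds the identity to the authenticated principal elsewhere, any client that
/// can reach this endpoint can run queries as any user and role.
/// </remarks>
public RbacEngineWebResponse Post([FromBody] RbacEngineWebRequest request)
{
    RbacEngineWebResponse response = new RbacEngineWebResponse();
    if (request == null)
    {
        // An empty or unparseable body used to surface as a NullReferenceException message;
        // report it explicitly instead of leaking the runtime's wording.
        response.SetResult("Request body is required.");
        return response;
    }
    try
    {
        response.UserName = request.UserName;
        response.RoleName = request.RoleName;
        using (Rbac ctx = new Rbac(request.UserName, request.RbacName, request.RoleName))
        {
            response.RbacName = request.RbacName;
            // SqlQueryParser is IDisposable (other call sites wrap it in using); it was leaked here.
            using (SqlQueryParser parser = new SqlQueryParser(ctx, request.SkipParsing))
            {
                parser.Parse(request.Query);
                using (RbacSqlQueryEngine eng = new RbacSqlQueryEngine(parser, request.DebugMode))
                {
                    eng.SkipExecution = request.SkipExecution;
                    eng.Execute();
                    response.SetResult(eng);
                }
            }
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): ex.Message goes back to the caller verbatim. For permission/parse
        // failures that is the intended feedback, but for anything else (SQL errors, connection
        // failures) it can expose schema or connection details; consider mapping non-RBAC
        // exceptions to a generic message and logging the original server-side.
        response.SetResult(ex.Message);
    }
    return response;
}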
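/// <summary>
/// Permission gate for write statements: parses <paramref name="query"/> under the RBAC context
/// of <paramref name="userName"/> and lets the parser throw when the statement is not permitted
/// (and the parser is not in silent mode). Returning normally means the write is allowed.
/// </summary>
/// <param name="query">The INSERT/UPDATE/DELETE statement to authorize.</param>
/// <param name="userName">
/// The user to authorize as. Defaults to the sample user the original hard-coded; real callers
/// must pass the logged-in user from their context, never a value supplied by the client.
/// </param>
/// <exception cref="ArgumentException">
/// The query is null or whitespace. An empty query must fail closed rather than be treated as
/// "permitted".
/// </exception>
private void IsAllowedToInsertOrUpdateOrDelete(string query = null, string userName = "essie")
{
    if (string.IsNullOrWhiteSpace(query))
    {
        throw new ArgumentException("A query is required to check write permissions.", "query");
    }
    using (Rbac rbac = new Rbac(userName))
    {
        using (SqlQueryParser parser = new SqlQueryParser(rbac))
        {
            // Throws if the statement is not permitted for this user (unless silent mode is on).
            parser.Parse(query);
        }
    }
}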
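/// <summary>
/// Authorizes a write statement for a user. The parser is expected to throw when the statement
/// is not permitted; if this method returns, the caller may go ahead and perform the plain
/// INSERT/UPDATE/DELETE.
/// </summary>
/// <param name="query">Statement to authorize; must not be empty.</param>
/// <param name="userName">
/// User to authorize as. The default is the sample user the original hard-coded — production
/// callers should supply the logged-in user from the request context (and never let the client
/// choose it, or any client can authorize as any user).
/// </param>
/// <exception cref="ArgumentException">Thrown for a null/blank query so an empty check cannot pass.</exception>
private void IsAllowedToInsertOrUpdateOrDelete(string query = null, string userName = "essie")
{
    // Fail closed: a missing statement is a caller bug, not a granted permission.
    if (string.IsNullOrWhiteSpace(query))
    {
        throw new ArgumentException("Query must not be empty.", "query");
    }
    using (Rbac rbac = new Rbac(userName))
    using (SqlQueryParser parser = new SqlQueryParser(rbac))
    {
        // Throws if not permitted. Reaching the end of the method means the write is allowed.
        parser.Parse(query);
    }
}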
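/// <summary>
/// Warm-up: builds an RBAC context and parses one trivial query so the engine's assemblies are
/// loaded (and the code JIT-compiled) before the first real request. The result is discarded.
/// </summary>
/// <remarks>
/// Runs under a fixed sample identity ("Lashawn" / "Books" / "role_city_mgr"); it still performs
/// a real parse under that identity, so keep it pointed at sample data.
/// </remarks>
private void LoadAssemblies()
{
    try
    {
        // Both objects are IDisposable (other call sites wrap them in using); they were leaked here.
        using (Rbac rbac = new Rbac("Lashawn", "Books", "role_city_mgr"))
        using (SqlQueryParser parser = new SqlQueryParser(rbac))
        {
            parser.Parse("select * from Author");
        }
    }
    catch (Exception)
    {
        // Best-effort warm-up only: a failure here must never take the application down.
        // A genuine problem will surface again, with a proper error, on the first real request.
    }
}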
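/// <summary>
/// "Execute" button handler: parses the query in the editor as the selected instance/user/role
/// and, for SELECT statements only, runs it through the engine. Parser/engine output is bound to
/// the result tabs; RBAC failures are shown in the error box; the status bar tracks progress.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
private void btnExecute_Click(object sender, EventArgs e)
{
    SetStatusText("Parsing...");
    txtErrors.Text = string.Empty;
    txtParsedQuerys1.Text = string.Empty;
    txtParsedQuery.Text = string.Empty;
    txtErrors.Visible = false;
    RbacEngineWebResponse response = new RbacEngineWebResponse();
    this.Cursor = Cursors.WaitCursor;
    try
    {
        _Request.RbacName = ((Rbac)cbInstances.SelectedItem).Name;
        _Request.UserName = ((RbacUser)cbUsers.SelectedItem).UserName;
        _Request.RoleName = ((RbacRole)cbRoles.SelectedItem).Name;
        _Request.Query = txtQuery.Text;
        engineInput.SelectedObject = _Request;
        // SqlQueryParser is IDisposable (see the other harnesses); it was leaked here.
        using (Rbac ctx = new Rbac(_Request.UserName, _Request.RbacName, _Request.RoleName))
        using (SqlQueryParser parser = new SqlQueryParser(ctx, _Request.SkipParsing))
        {
            parser.Parse(_Request.Query);
            response.SetResult(parser);
            BindResult(response);
            SetStatusText("Parsing...Done.", response);
            // Only SELECTs are executed from the UI; write statements stop at the parse/permission stage.
            if (parser.QueryType == RbacQueryTypes.Select)
            {
                SetStatusText("Parsing...Done. Executing...", response);
                using (RbacSqlQueryEngine eng = new RbacSqlQueryEngine(parser, _Request.DebugMode))
                {
                    eng.SkipExecution = _Request.SkipExecution;
                    eng.Execute();
                    response.SetResult(eng);
                    SetStatusText("Parsing...Done. Executing...Done.", response);
                }
            }
        }
    }
    catch (RbacException ex)
    {
        // Permission/parse failures are expected user feedback, not crashes.
        txtErrors.Text = ex.Message;
        txtErrors.Visible = true;
        SetStatusText("Done.");
    }
    finally
    {
        // Previously only reset on success or RbacException; any other exception (no combo-box
        // selection, a SQL error) left the form stuck with the wait cursor.
        this.Cursor = Cursors.Default;
    }
    BindResult(response);
    tabControl1.SelectedIndex = 0;
}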
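/// <summary>
/// "Execute all" handler: runs every row of the loaded test table (User/Role/Query columns)
/// through the parser and engine, writes the parsed queries and errors back into the table,
/// and saves it next to the executable as &lt;TableName&gt;_out.csv.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
private void btnExecuteAll_Click(object sender, EventArgs e)
{
    DataTable table = lvwQueries.Tag as DataTable;
    if (table == null)
    {
        // Nothing loaded. The original only tested Tag for null and would have dereferenced a
        // null table had Tag held something other than a DataTable.
        return;
    }
    if (table.Columns["ParsedQueryStage1"] == null)
    {
        table.Columns.Add("ParsedQueryStage1");
        table.Columns.Add("ParsedQuery");
        table.Columns.Add("Errors");
    }
    foreach (DataRow row in table.Rows)
    {
        try
        {
            // Rbac, parser and engine are all IDisposable; the original created them per row
            // without ever disposing them.
            using (Rbac rbac = new Rbac(row["User"].ToString(), "Books", row["Role"].ToString()))
            using (SqlQueryParser parser = new SqlQueryParser(rbac))
            {
                parser.Parse(row["Query"].ToString());
                // Execute() is called for every row regardless of QueryType (the single-query
                // handler only executes SELECTs), so this harness must only be pointed at the
                // test "Books" instance.
                using (RbacSqlQueryEngine engine = new RbacSqlQueryEngine(parser, true))
                {
                    engine.Execute();
                }
                row["ParsedQueryStage1"] = parser.ParsedQueryStage1;
                row["ParsedQuery"] = parser.ParsedQuery;
                row["Errors"] = parser.AllErrors + Environment.NewLine;
            }
        }
        catch (Exception ex)
        {
            // One failing row must not abort the batch; its message becomes its Errors cell.
            row["Errors"] = ex.Message;
        }
    }
    string fileName = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, table.TableName + "_out.csv");
    try
    {
        table.ToCsv(fileName);
        MessageBox.Show("Test results are saved on " + fileName + "!", "Success", MessageBoxButtons.OK, MessageBoxIcon.Information);
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
    }
}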
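// POST: api/Rbac
/// <summary>
/// Parses and (optionally) executes an RBAC-filtered query for the user named in the request
/// and returns the serialized <see cref="RbacWebResponse"/> as a JSON string.
/// </summary>
/// <param name="request">RbacId, UserName, optional RoleName override, Query and engine flags.</param>
/// <returns>JSON for an <see cref="RbacWebResponse"/>: an error message or the engine result.</returns>
/// <remarks>
/// SECURITY: UserName and the RoleName override are taken from the request body and nothing in
/// this method authenticates the caller, so unless the pipeline enforces identity elsewhere any
/// client can run queries as any user. The RoleName override additionally lets a caller run as a
/// role the user does not hold; it exists for role testing only and must not be reachable in a
/// production deployment.
/// </remarks>
public string Post([FromBody] RbacWebRequest request)
{
    if (request == null)
    {
        // The original dereferenced the body unconditionally and failed with a 500 on an empty
        // or unparseable payload; answer with the usual error envelope instead.
        RbacWebResponse bad = new RbacWebResponse(0);
        bad.SetResult("Request body is required!");
        return JsonConvert.SerializeObject(bad);
    }
    RbacWebResponse response = new RbacWebResponse(request.RbacId);
    if (request.RbacId == 0)
    {
        response.SetResult(string.Format("Rbac instance with rbac id '{0}' not found!", request.RbacId));
        return JsonConvert.SerializeObject(response);
    }
    // Rbac is IDisposable (the other endpoints wrap it in using); it was leaked here. It is kept
    // alive until the engine has run in case the user/context objects depend on it.
    using (Rbac instance = new Rbac(request.RbacId))
    {
        RbacUser user = instance.GetUser(request.UserName);
        if (user == null)
        {
            response.SetResult(string.Format("User '{0}' not found!", request.UserName));
            return JsonConvert.SerializeObject(response);
        }
        if (!string.IsNullOrEmpty(request.RoleName))
        {
            // dangerous code, only to be used for role testing: runs the query as a role the user
            // may not actually hold. Gate or remove this before production use.
            // The original did `user.Role = new RbacRole(name)` and then tested the result for
            // null, which can never be true after `new`, so an unknown role name was silently
            // accepted. Look the role up instead (Rbac.GetRole is what the test batch uses);
            // this assumes GetRole returns null for an unknown name, like GetUser above — confirm.
            RbacRole role = Rbac.GetRole(request.RoleName);
            if (role == null)
            {
                response.SetResult(string.Format("Role '{0}' not found!", request.RoleName));
                return JsonConvert.SerializeObject(response);
            }
            user.Role = role;
        }
        using (SqlQueryParser parser = new SqlQueryParser(new RbacContext(user), request.SkipParsing))
        {
            // NOTE(review): unlike the engine endpoint, parse/execution exceptions are not caught
            // here and become unhandled errors for the caller.
            parser.Parse(request.Query);
            using (RbacSqlQueryEngine engine = new RbacSqlQueryEngine(parser, request.DebugMode))
            {
                engine.SkipExecution = request.SkipExecution;
                engine.Execute();
                response.SetResult(engine);
            }
        }
    }
    return JsonConvert.SerializeObject(response);
}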
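/// <summary>
/// Runs the CSV-driven test batch: for every row of Books/tests.csv (User, Role, Query, Expected)
/// parses the query as that user, executes it when parsing produced no errors, compares the
/// accumulated error text with the Expected column, and writes tests_result.csv and
/// tests_result.md next to the input.
/// </summary>
/// <remarks>
/// The database is reset with CleanDataFromDb before the first row and after every executed row
/// so each query runs against the same baseline. Rows are executed for real, so point this only
/// at the sample "Books" database.
/// </remarks>
public void TestBatch()
{
    GenericParserAdapter genParser = new GenericParserAdapter(Path.Combine(_rootDir, "Books", "tests.csv"));
    genParser.FirstRowHasHeader = true;
    DataTable table = genParser.GetDataTable();
    if (table.Columns["ParsedQueryStage1"] == null)
    {
        table.Columns.Add("ParsedQueryStage1");
        table.Columns.Add("ParsedQuery");
        table.Columns.Add("Records");
        table.Columns.Add("Errors");
        table.Columns.Add("TestResult");
    }
    bool cleaned = false;
    foreach (DataRow row in table.Rows)
    {
        // Rbac and the parser are IDisposable; the original never disposed either.
        using (Rbac rbac = new Rbac(row["User"].ToString()))
        {
            // NOTE(review): the Role column is looked up but never applied — the context is
            // built from the user alone, whereas the UI harnesses pass (user, "Books", role).
            // Kept because GetRole may validate the name; confirm whether the role should be
            // passed to the Rbac constructor instead.
            RbacRole role = Rbac.GetRole(row["Role"].ToString());
            if (!cleaned)
            {
                CleanDataFromDb(rbac.ConnectionString);
                cleaned = true;
            }
            using (SqlQueryParser parser = new SqlQueryParser(rbac))
            {
                try
                {
                    parser.Parse(row["Query"].ToString());
                }
                catch (Exception ex)
                {
                    // A parse/permission failure is a legitimate expected outcome; nothing was
                    // executed, so no cleanup is needed for this row.
                    row["Errors"] = ex.Message;
                    SetTestResult(row);
                    continue;
                }
                row["ParsedQueryStage1"] = parser.ParsedQueryStage1;
                row["ParsedQuery"] = parser.ParsedQuery;
                row["Errors"] += parser.AllErrors;
                if (string.IsNullOrEmpty(parser.AllErrors))
                {
                    using (RbacSqlQueryEngine engine = new RbacSqlQueryEngine(parser, true))
                    {
                        engine.Execute();
                        if (engine.IsErrored)
                        {
                            row["Records"] = "Errored";
                        }
                        else if ((parser.QueryType == RbacQueryTypes.Select) && (engine.Table == null))
                        {
                            row["Records"] = "Errored";
                        }
                        else if ((parser.QueryType == RbacQueryTypes.Select) && (engine.Table != null))
                        {
                            row["Records"] = engine.Table.Rows.Count + " record(s)";
                        }
                        // AllErrors was empty before Execute(); it is re-read here in case the
                        // engine appends to the parser's errors during execution (unverified).
                        if (!string.IsNullOrEmpty(parser.AllErrors))
                        {
                            row["Errors"] += parser.AllErrors + Environment.NewLine;
                        }
                        if (!string.IsNullOrEmpty(engine.AllErrors))
                        {
                            row["Errors"] += engine.AllErrors + Environment.NewLine;
                        }
                    }
                }
                SetTestResult(row);
            }
            CleanDataFromDb(rbac.ConnectionString);
        }
    }
    string outFile = Path.Combine(_rootDir, "Books", "tests_result.csv");
    table.ToCsv(outFile);
    WriteColor(ConsoleColor.Green, outFile + " is generated!");
    Console.WriteLine();
    ToCsvMarkdownFormat(table, Path.Combine(_rootDir, "Books", "tests_result.md"));
}

/// <summary>
/// Marks a test row Passed when its accumulated Errors text equals the Expected column
/// (ordinal comparison), Failed otherwise.
/// </summary>
/// <param name="row">Row carrying the "Expected" and "Errors" columns.</param>
private static void SetTestResult(DataRow row)
{
    if (row["Expected"].ToString().Equals(row["Errors"].ToString()))
    {
        row["TestResult"] = "Passed";
    }
    else
    {
        row["TestResult"] = "Failed";
    }
}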
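/// <summary>
/// "Execute all" handler with progress reporting: runs every row of the loaded test table
/// (User/Role/Query columns) through the parser — and, for SELECTs, the engine — writes the
/// parsed queries and errors back into the table, and saves it next to the executable as
/// &lt;TableName&gt;_out.csv.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
private void btnExecuteAll_Click(object sender, EventArgs e)
{
    DataTable table = lvwQueries.Tag as DataTable;
    if (table == null)
    {
        // Nothing loaded. The original switched to the wait cursor and showed the progress bar
        // before this check and never reset them when there was no table.
        return;
    }
    Cursor = Cursors.WaitCursor;
    toolStripProgressBar1.Visible = true;
    try
    {
        // Value was never reset, so a second run started where the previous one ended.
        toolStripProgressBar1.Value = 0;
        toolStripProgressBar1.Maximum = table.Rows.Count;
        if (table.Columns["ParsedQueryStage1"] == null)
        {
            table.Columns.Add("ParsedQueryStage1");
            table.Columns.Add("ParsedQuery");
            table.Columns.Add("Errors");
        }
        foreach (DataRow row in table.Rows)
        {
            try
            {
                // Rbac, parser and engine are IDisposable; the original leaked all three per row.
                using (Rbac rbac = new Rbac(row["User"].ToString(), "Books", row["Role"].ToString()))
                using (SqlQueryParser parser = new SqlQueryParser(rbac))
                {
                    RbacEngineWebResponse response = new RbacEngineWebResponse();
                    _Request.RbacName = rbac.Name;
                    _Request.UserName = rbac.User.UserName;
                    _Request.RoleName = rbac.User.Role.Name;
                    _Request.Query = row["Query"].ToString();
                    parser.Parse(_Request.Query);
                    response.SetResult(parser);
                    SetStatusText("Parsing...Done.", response);
                    // Only SELECTs are executed; write statements stop at the parse/permission stage.
                    if (parser.QueryType == RbacQueryTypes.Select)
                    {
                        SetStatusText("Parsing...Done. Executing...", response);
                        using (RbacSqlQueryEngine engine = new RbacSqlQueryEngine(parser, true))
                        {
                            engine.Execute();
                            response.SetResult(engine);
                            SetStatusText("Parsing...Done. Executing...Done.", response);
                        }
                    }
                    row["ParsedQueryStage1"] = parser.ParsedQueryStage1;
                    row["ParsedQuery"] = parser.ParsedQuery;
                    row["Errors"] = parser.AllErrors + Environment.NewLine;
                    SetStatusText("Done.", response);
                }
            }
            catch (Exception ex)
            {
                // One failing row must not abort the batch; its message becomes its Errors cell.
                row["Errors"] = ex.Message;
            }
            toolStripProgressBar1.PerformStep();
            // Keeps the UI painting during the batch. NOTE(review): this re-enters the message
            // loop, so a second click on the button while a batch is running starts a nested run
            // against the same table and _Request.
            Application.DoEvents();
        }
        string fileName = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, table.TableName + "_out.csv");
        try
        {
            table.ToCsv(fileName);
            MessageBox.Show("Test results are saved on " + fileName + "!", "Success", MessageBoxButtons.OK, MessageBoxIcon.Information);
        }
        catch (Exception ex)
        {
            MessageBox.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
        }
        tabControl1.SelectedIndex = 0;
    }
    finally
    {
        // Always restore the UI, whatever happened above.
        toolStripProgressBar1.Visible = false;
        Cursor = Cursors.Default;
    }
}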