/// <summary>
/// Looks up the query called <paramref name="name"/> on <paramref name="app"/>, checks that the
/// current user may read it, and only then converts the requested streams into dictionaries.
/// </summary>
/// <param name="app">App the query is looked up on.</param>
/// <param name="name">Query name as supplied by the caller; it is interpolated into the log entry and into both error messages.</param>
/// <param name="stream">Comma-separated stream names. When it equals AllStreams (or is null) the serializer receives null instead of a name list - presumably meaning "all streams"; confirm against DataToDictionary.</param>
/// <param name="includeGuid">Copied to the serializer's WithGuid setting.</param>
/// <param name="context">Context providing the service provider and the current user.</param>
/// <param name="userMayEdit">Handed to the DataToDictionary constructor; its effect on the output is not visible here.</param>
/// <param name="more">Optional extra parameters; only its Guids are forwarded, null is tolerated.</param>
/// <returns>The serializer's result for the selected streams.</returns>
/// <exception cref="HttpExceptionAbstraction">NotFound when the query does not exist, Unauthorized when the user has neither a read grant nor admin rights.</exception>
private Dictionary<string, IEnumerable<Dictionary<string, object>>> BuildQueryAndRun(
    IApp app,
    string name,
    string stream,
    bool includeGuid,
    IContextOfSite context,
    bool userMayEdit,
    AppQueryParameters more)
{
    // NOTE(review): name and stream are caller-supplied and written to the log unmodified - confirm the log sink neutralises line breaks.
    var moduleId = (context as IContextOfBlock)?.Module.Id;
    var wrapLog = Log.Call($"name:{name}, stream:{stream}, withModule:{moduleId}");

    var query = app.GetQuery(name);
    if (query == null)
    {
        var notFoundMsg = $"query '{name}' not found";
        wrapLog(notFoundMsg);
        throw new HttpExceptionAbstraction(HttpStatusCode.NotFound, notFoundMsg, "query not found");
    }

    // Authorization gate: the check is made against the query's own definition entity, and nothing is serialized before it passes.
    var permissionChecker = context.ServiceProvider
        .Build<AppPermissionCheck>()
        .ForItem(context, app, query.Definition.Entity, Log);
    var readExplicitlyAllowed = permissionChecker.UserMay(GrantSets.ReadSomething);
    var isAdmin = context.User.IsAdmin;

    if (!readExplicitlyAllowed && !isAdmin)
    {
        // NOTE(review): 401 is returned even when the caller is authenticated but lacks the grant; 403 may be the more
        // precise status - confirm whether clients rely on 401 before changing it.
        // NOTE(review): the 404 and 401 messages let a caller without read rights tell whether a query name exists -
        // confirm how HttpExceptionAbstraction exposes the message to the client.
        var deniedMsg = $"Request not allowed. User does not have read permissions for query '{name}'";
        wrapLog(deniedMsg);
        throw new HttpExceptionAbstraction(HttpStatusCode.Unauthorized, deniedMsg, "Request not allowed");
    }

    var serializer = new DataToDictionary(userMayEdit) { WithGuid = includeGuid };

    // The AllStreams marker and a missing stream value both end up as a null name list.
    var streamNames = stream == AllStreams ? null : stream?.Split(',');
    var result = serializer.Convert(query, streamNames, more?.Guids);

    wrapLog(null);
    return result;
}
/// <summary>
/// Runs the query called <paramref name="name"/> for the app identified by <paramref name="appPath"/>.
/// The app context is resolved from the path; the read-permission check and the serialization are
/// done by BuildQueryAndRun, which is always called with includeGuid set to false.
/// </summary>
/// <param name="appPath">App path handed to the context resolver's AppOrBlock.</param>
/// <param name="name">Query name; must not be null or empty.</param>
/// <param name="stream">Stream selection, forwarded unchanged.</param>
/// <param name="more">Optional extra query parameters, forwarded unchanged.</param>
/// <returns>The serialized streams of the query.</returns>
public Dictionary<string, IEnumerable<Dictionary<string, object>>> PublicQuery(
    string appPath,
    string name,
    string stream,
    AppQueryParameters more)
{
    // NOTE(review): appPath, name and stream are caller-supplied and logged as-is - confirm the log sink neutralises line breaks.
    var wrapLog = Log.Call($"path:{appPath}, name:{name}, stream: {stream}");

    // Reject a missing query name before any context or app is resolved.
    // NOTE(review): this throw leaves the wrapLog call entry without a closing message.
    if (string.IsNullOrEmpty(name))
    {
        throw HttpException.MissingParam(nameof(name));
    }

    var appCtx = _ctxResolver.AppOrBlock(appPath);

    // The App object is obtained first and its Init arguments are evaluated afterwards, in the order they are passed.
    var appShell = ServiceProvider.Build<Apps.App>();
    var queryApp = appShell.Init(
        appCtx.AppState,
        ServiceProvider.Build<AppConfigDelegate>().Init(Log).Build(appCtx.UserMayEdit),
        Log);

    // From here on only the shared permission check and serializer run.
    var result = BuildQueryAndRun(queryApp, name, stream, false, appCtx, appCtx.UserMayEdit, more);

    wrapLog(null);
    return result;
}
/// <summary>
/// Runs the query called <paramref name="name"/> in the app of the current block, or in the app
/// given by <paramref name="appId"/> when one is supplied. The read-permission check and the
/// serialization are done by BuildQueryAndRun.
/// </summary>
/// <param name="appId">Optional app id. With a value the context comes from BlockOrApp, without one from BlockRequired.</param>
/// <param name="name">Query name. NOTE(review): unlike PublicQuery, it is not checked for null or empty here before being passed on.</param>
/// <param name="includeGuid">Forwarded to BuildQueryAndRun.</param>
/// <param name="stream">Stream selection, forwarded unchanged.</param>
/// <param name="more">Optional extra query parameters, forwarded unchanged.</param>
/// <returns>The serialized streams of the query.</returns>
public Dictionary<string, IEnumerable<Dictionary<string, object>>> Query(
    int? appId,
    string name,
    bool includeGuid,
    string stream,
    AppQueryParameters more)
{
    // NOTE(review): name and stream are caller-supplied and logged as-is - confirm the log sink neutralises line breaks.
    var wrapLog = Log.Call($"'{name}', inclGuid: {includeGuid}, stream: {stream}");

    // If no app is available from the context, an app id supplied in the url is used instead.
    // Per the original author's note it may only be an app from the current portal, and the
    // security checks run internally - that restriction is not enforced in this method itself.
    var appCtx = appId.HasValue
        ? _ctxResolver.BlockOrApp(appId.Value)
        : _ctxResolver.BlockRequired();

    var appShell = ServiceProvider.Build<Apps.App>();
    var app = appShell.Init(ServiceProvider, appCtx.AppState.AppId, Log, appCtx.UserMayEdit);

    var result = BuildQueryAndRun(app, name, stream, includeGuid, appCtx, appCtx.UserMayEdit, more);

    wrapLog(null);
    return result;
}