public async Task <BooleanExpression> GetTableRowLevelSecurityFilter(string tableName, string tableAlias, HttpContext httpContext) { if (!_metadataStore.TryGetTable(tableName, out var table)) { throw new SqlErrorException($"Table '{tableName}' does not exist."); } //Check that the user is authorized to access this table //This is required since the calling service must know if the user is not actually authorized, if it has cached the data elsewhere. await AuthorizationHelper.CheckAuthorization(_serviceProvider, table.SecurityPolicy, httpContext); var filter = await RowLevelSecurityHelper.GetRowLevelSecurityQuery(table, httpContext, _metadataStore, _serviceProvider, tableAlias); return(filter); }
public async ValueTask <IQueryable> ResolveTableName(string name, object additionalData, IQueryOptions queryOptions) { if (!(additionalData is TableResolverData tableResolverData)) { throw new Exception(); } if (_metadataStore.TryGetTable(name, out var table)) { await AuthorizationHelper.CheckAuthorization(tableResolverData.ServiceProvider, table.SecurityPolicy, tableResolverData.HttpContext); var resolver = (ITableResolver)tableResolverData.ServiceProvider.GetRequiredService(table.Resolver); return(await resolver.GetQueryable(tableResolverData.HttpContext, queryOptions, tableResolverData.CustomMetadataStore)); } else { //TODO: Fix exceptions throw new SqlErrorException($"Table {name} does not exist"); } }
public void TestMissingPolicy() { Mock <IAuthorizationPolicyProvider> authorizationPolicyMock = new Mock <IAuthorizationPolicyProvider>(); authorizationPolicyMock.Setup(x => x.GetPolicyAsync(It.IsAny <string>())) .Returns(() => { return(Task.FromResult <AuthorizationPolicy>(null)); }); Mock <IAuthorizationHandlerProvider> authorizationHandlerMock = new Mock <IAuthorizationHandlerProvider>(); Mock <HttpContext> httpContextMock = new Mock <HttpContext>(); ServiceCollection services = new ServiceCollection(); services.AddSingleton(authorizationPolicyMock.Object); services.AddSingleton(authorizationHandlerMock.Object); Assert.ThrowsAsync <InvalidOperationException>( async() => await AuthorizationHelper.CheckAuthorization(services.BuildServiceProvider(), "test", httpContextMock.Object), "No security policy found named 'test'." ); }