/// <summary>
/// Executes a save (insert/update/delete) command for a single entity and enforces
/// row-level write permissions on both sides of the save.
/// </summary>
/// <remarks>
/// The order of the steps is security-relevant and must be preserved:
/// 1. Items to be updated or deleted are checked against the row-permissions write filter
///    while they are still in their current (pre-save) state.
/// 2. The save is executed.
/// 3. Items that were inserted or updated are checked again in their new state.
/// If either check fails, the persistence transaction is discarded before the exception is thrown.
/// </remarks>
/// <param name="commandInfo">The command arguments; cast directly to <c>SaveEntityCommandInfo</c>.</param>
/// <returns>A successful <c>CommandResult</c> with the message "Command executed".</returns>
/// <exception cref="ClientException">
/// The entity name is not set, or an item to delete/update was reported missing after the pre-save check failed.
/// </exception>
/// <exception cref="UserException">The caller is not permitted to write some of the provided items.</exception>
public CommandResult Execute(ICommandInfo commandInfo)
{
    // Direct cast: an argument of another type fails here with an invalid-cast exception.
    var request = (SaveEntityCommandInfo)commandInfo;
    if (request.Entity == null)
    {
        throw new ClientException("Invalid SaveEntityCommand argument: Entity is not set.");
    }

    var repository = _genericRepositories.GetGenericRepository(request.Entity);

    // Pre-save authorization: delete permissions must be verified before the rows are gone,
    // and updated rows must be allowed both before AND after the update.
    var existingItems = ConcatenateNullable(request.DataToDelete, request.DataToUpdate);
    bool existingItemsAllowed = existingItems == null
        || _serverCommandsUtility.CheckAllItemsWithinFilter(existingItems, RowPermissionsWriteInfo.FilterName, repository);

    if (!existingItemsAllowed)
    {
        _persistenceTransaction.DiscardChanges();

        // A failed filter check can also mean that an ID is simply not in the database;
        // report that case as a client error rather than as an authorization failure.
        // NOTE(review): the two messages let a caller tell a nonexistent ID apart from an
        // existing record it may not write - confirm this is acceptable for the data model.
        Guid? missingId;
        if (_serverCommandsUtility.MissingItemId(request.DataToDelete, repository, out missingId))
        {
            throw new ClientException($"Deleting a record that does not exist in database. DataStructure={request.Entity}, ID={missingId}");
        }

        if (_serverCommandsUtility.MissingItemId(request.DataToUpdate, repository, out missingId))
        {
            throw new ClientException($"Updating a record that does not exist in database. DataStructure={request.Entity}, ID={missingId}");
        }

        throw new UserException(
            "You are not authorized to write some or all of the provided data. Insufficient permissions to modify the existing data.",
            "DataStructure:" + request.Entity + ".");
    }

    // NOTE(review): the meaning of the last argument (true) is not visible here;
    // presumably it enables user-permission checks inside Save - confirm.
    repository.Save(request.DataToInsert, request.DataToUpdate, request.DataToDelete, true);

    // Post-save authorization: the new state of inserted and updated rows must also pass the filter.
    // We rely that this call will only use IDs of the items, because other data might be dirty.
    // The data has already been saved at this point, so DiscardChanges() is what prevents a
    // denied write from persisting.
    var writtenItems = ConcatenateNullable(request.DataToInsert, request.DataToUpdate);
    bool writtenItemsAllowed = writtenItems == null
        || _serverCommandsUtility.CheckAllItemsWithinFilter(writtenItems, RowPermissionsWriteInfo.FilterName, repository);

    if (!writtenItemsAllowed)
    {
        _persistenceTransaction.DiscardChanges();
        throw new UserException(
            "You are not authorized to write some or all of the provided data. Insufficient permissions to apply the new data.",
            "DataStructure:" + request.Entity + ".");
    }

    return new CommandResult { Message = "Command executed", Success = true };
}
/// <summary>
/// Executes a read command against the requested data source and verifies that every
/// returned record is within the row-permissions read filter.
/// </summary>
/// <remarks>
/// The row-permissions check runs after the data has been loaded. It is skipped when
/// <c>AlreadyFilteredByRowPermissions</c> returns true for the command, and when the
/// result contains no record array.
/// </remarks>
/// <param name="commandInfo">The command arguments; expected to be a <c>ReadCommandInfo</c>.</param>
/// <returns>
/// A failed result if <paramref name="commandInfo"/> is not a <c>ReadCommandInfo</c>;
/// otherwise a successful result carrying the data and a "N row(s) found" message.
/// </returns>
/// <exception cref="ClientException">The data source name is not set.</exception>
/// <exception cref="UserException">Some of the loaded records are outside the caller's read permissions.</exception>
public CommandResult Execute(ICommandInfo commandInfo)
{
    var query = commandInfo as ReadCommandInfo;
    if (query == null)
    {
        return CommandResult.Fail("CommandInfo does not implement ReadCommandInfo");
    }

    if (query.DataSource == null)
    {
        throw new ClientException("Invalid ReadCommand argument: Data source is not set.");
    }

    var repository = _repositories.GetGenericRepository(query.DataSource);
    ReadCommandResult readResult = _serverCommandsUtility.ExecuteReadCommand(query, repository);

    // The permission check is all-or-nothing: a single record outside the filter rejects the whole read.
    // NOTE(review): skipping the check depends entirely on AlreadyFilteredByRowPermissions (not visible
    // here) being correct. Also, when Records is null no check runs in this method, so TotalCount is
    // returned unverified unless ExecuteReadCommand enforces the filter - confirm.
    bool mustVerifyRowPermissions = readResult.Records != null && !AlreadyFilteredByRowPermissions(query);
    if (mustVerifyRowPermissions
        && !_serverCommandsUtility.CheckAllItemsWithinFilter(readResult.Records, RowPermissionsReadInfo.FilterName, repository))
    {
        throw new UserException(
            "You are not authorized to access some or all of the data requested.",
            "DataStructure:" + query.DataSource + ".");
    }

    var data = _dataTypeProvider.CreateBasicData(readResult);

    // Report the number of loaded records when there are any records; otherwise fall back to the total count.
    string rowCount;
    if (readResult.Records != null)
    {
        rowCount = readResult.Records.Length.ToString();
    }
    else
    {
        rowCount = readResult.TotalCount.ToString();
    }

    return new CommandResult
    {
        Data = data,
        Message = rowCount + " row(s) found",
        Success = true
    };
}