// public
static public Task <ActionResult> ProcessQuery <T>(IIdentity user, HttpRequest uriInfo, DbContext entityManager, String serviceName) where T : class
{
IQueryCollection queryParameters = uriInfo.Query;
DbUtils.QueryMap fields = RequestFilter.ParseQueryParameters((LoginResponse)user, serviceName, queryParameters);
String[] orderBy = null;
{
CrudService service = RequestFilter.GetService(user, serviceName);
if (service.OrderBy != null)
{
orderBy = service.OrderBy.Split(',');
}
}
int?startPosition = null;
int?maxResult = null;
startPosition = queryParameters["start"].Count == 1 ? int.Parse(queryParameters["start"]) : startPosition;
maxResult = queryParameters["max"].Count == 1 ? int.Parse(queryParameters["max"]) : maxResult;
Type entityClass = RequestFilter.mapClass[serviceName];
return(DbUtils.Find <T>(entityManager, entityClass, fields, orderBy, startPosition, maxResult).ContinueWith(taskResults => {
if (taskResults.Exception != null)
{
return Response.BadRequest("ProcessQuery.Find : " + taskResults.Exception.Message);
}
ActionResult response = Response.Ok(taskResults.Result);
return response;
}));
}
// public processDelete
static public Task <ActionResult> ProcessDelete <T>(IIdentity user, HttpRequest uriInfo, DbContext entityManager, String serviceName) where T : class
{
return(RequestFilter.GetObject <T>(user, uriInfo, entityManager, serviceName).ContinueWith <ActionResult>(taskGet => {
return DbUtils.DeleteOne <T>(entityManager, taskGet.Result).ContinueWith <ActionResult>((taskObjDeleted) => {
RequestFilter.Notify(taskObjDeleted.Result, serviceName, true);
return Response.Ok();
}, TaskContinuationOptions.NotOnFaulted).Result;
}, TaskContinuationOptions.NotOnFaulted));
}
// private
static private DbUtils.QueryMap ParseQueryParameters(LoginResponse login, String serviceName, IQueryCollection queryParameters)
{
CrudService service = RequestFilter.GetService(login, serviceName);
DbUtils.QueryMap queryFields = DbUtils.QueryMap.Create();
JObject serviceFields = JObject.Parse(service.Fields);
foreach (var item in serviceFields)
{
JToken field = item.Value;
if (field.Value <Boolean> ("primaryKey") == true)
{
StringValues values = queryParameters [item.Key];
if (values.Count > 0)
{
String type = field.Value <String> ("type");
if (type == null || type.Equals("s"))
{
queryFields.Add(item.Key, values.First());
}
else if (type.Equals("n") || type.Equals("i"))
{
queryFields.Add(item.Key, int.Parse(values.First()));
}
else if (type.Equals("b"))
{
queryFields.Add(item.Key, Boolean.Parse(values.First()));
}
}
}
}
// se não for admin, limita os resultados para as crudGroup vinculadas a empresa do usuário
int?crudGroupOwner = login.user.CrudGroupOwner;
if (crudGroupOwner != 1)
{
if (serviceFields.ContainsKey("crudGroupOwner"))
{
queryFields["crudGroupOwner"] = crudGroupOwner;
}
else if (serviceFields.ContainsKey("crudGroup"))
{
queryFields["crudGroup"] = login.groups;
}
}
return(queryFields);
}
// public
static public Task <ActionResult> ProcessCreate <T>(IIdentity user, DbContext entityManager, String serviceName, T obj) where T : class
{
ActionResult response = RequestFilter.CheckObjectAccess(user, serviceName, obj);
if (response != null)
{
return(Task.Run(() => response));
}
return(DbUtils.Insert <T>(null, entityManager, obj).ContinueWith <ActionResult>(taskInsert => {
Object newObj = taskInsert.Result;
RequestFilter.Notify(newObj, serviceName, false);
return Response.Ok(newObj);
}, TaskContinuationOptions.NotOnFaulted));
}
// public processUpdate
static public Task <ActionResult> ProcessUpdate <T>(IIdentity user, HttpRequest uriInfo, DbContext entityManager, String serviceName, T obj) where T : class
{
return(RequestFilter.GetObject <T>(user, uriInfo, entityManager, serviceName).ContinueWith <ActionResult>(taskGet => {
ActionResult response = CheckObjectAccess(user, serviceName, obj);
if (response != null)
{
return response;
}
entityManager.Entry(taskGet.Result).State = EntityState.Detached;
return DbUtils.Update <T>(null, entityManager, obj).ContinueWith <ActionResult>(taskNewObj => {
RequestFilter.Notify(taskNewObj.Result, serviceName, false);
return Response.Ok(taskNewObj.Result);
}, TaskContinuationOptions.NotOnFaulted).Result;
}, TaskContinuationOptions.NotOnFaulted));
}
// private to create,update,delete,read
static private ActionResult CheckObjectAccess(IIdentity user, String serviceName, Object obj)
{
CrudService service;
try {
service = RequestFilter.GetService(user, serviceName);
} catch (Exception e) {
return(Response.Unauthorized(e.Message));
}
LoginResponse login = (LoginResponse)user;
JObject serviceFields = JObject.Parse(service.Fields);
ActionResult response = null;
int? userCrudGroupOwner = login.user.CrudGroupOwner;
if (userCrudGroupOwner > 1 && serviceFields.ContainsKey("crudGroupOwner"))
{
int?objCrudGroupOwner = (int?)obj.GetType().GetProperty("CrudGroupOwner").GetValue(obj);
if (objCrudGroupOwner == null)
{
obj.GetType().GetProperty("CrudGroupOwner").SetValue(obj, userCrudGroupOwner);
objCrudGroupOwner = userCrudGroupOwner;
}
if (objCrudGroupOwner == userCrudGroupOwner)
{
if (serviceFields.ContainsKey("crudGroup"))
{
int crudGroup = (int)obj.GetType().GetProperty("CrudGroup").GetValue(obj);
if (login.groups.IndexOf(crudGroup) < 0)
{
response = Response.Unauthorized("unauthorized object crudGroup");
}
}
}
else
{
response = Response.Unauthorized("unauthorized object crudGroupOwner");
}
}
return(response);
}
// processRequest
// main
private ActionResult ProcessRequest(HttpContext requestContext, DbContext entityManager, String serviceName, String uriPath)
{
// crudProcess
Func <LoginResponse, ActionResult> crudProcess = login => {
Type objectClass = RequestFilter.mapClass[serviceName];
HttpRequest uriInfo = requestContext.Request;
Object obj = null;
if (uriPath.Equals("create") || uriPath.Equals("update"))
{
try {
var str = new StreamReader(requestContext.Request.Body).ReadToEnd();
obj = JsonConvert.DeserializeObject(str, objectClass, new JsonSerializerSettings {
ContractResolver = new CamelCasePropertyNamesContractResolver()
});
} catch (Exception e) {
return(Response.InternalServerError(e.Message));
}
}
Task <ActionResult> cf;
if (uriPath.Equals("create"))
{
cf = RequestFilter.ProcessCreate <dynamic> (login, entityManager, serviceName, obj);
}
else if (uriPath.Equals("update"))
{
cf = RequestFilter.ProcessUpdate <dynamic> (login, uriInfo, entityManager, serviceName, obj);
}
else if (uriPath.Equals("delete"))
{
cf = RequestFilter.ProcessDelete <dynamic> (login, uriInfo, entityManager, serviceName);
}
else if (uriPath.Equals("read"))
{
cf = RequestFilter.ProcessRead <dynamic> (login, uriInfo, entityManager, serviceName);
}
else if (uriPath.Equals("query"))
{
cf = RequestFilter.ProcessQuery <dynamic>(login, uriInfo, entityManager, serviceName);
}
else
{
return(null);
}
cf.Wait();
if (cf.Exception != null)
{
return(Response.InternalServerError(cf.Exception.Message));
}
else
{
return(cf.Result);
}
};
Func <CrudUser, Boolean?> authorization = user => {
Boolean?access = null;
JObject json = JObject.Parse(user.Roles);
// verfica a permissao de acesso
if (json[serviceName] != null)
{
var serviceAuth = json[serviceName];
if (serviceAuth[uriPath] != null)
{
access = serviceAuth[uriPath].Value <Boolean?>();
}
}
return(access);
};
Func <ActionResult> authWithToken = () => {
ActionResult response;
String authorizationHeader = requestContext.Request.Headers["Authorization"];
if (authorizationHeader != null && authorizationHeader.StartsWith("Token "))
{
String token = authorizationHeader.Substring(6);
LoginResponse login = RequestFilter.logins[token];
if (login != null)
{
Boolean?access = authorization(login.user);
if (access != false)
{
ClaimsPrincipal securityContextOld = requestContext.User;
if (securityContextOld == null || securityContextOld.Identity == null || securityContextOld.Identity.Name == null)
{
ImplSecurityContext securityContext = new ImplSecurityContext(login);
requestContext.User = securityContext;
if (access == true)
{
response = crudProcess(login);
}
else
{
response = null;
}
}
else
{
response = Response.BadRequest("Already Identity found : " + securityContextOld.Identity.Name);
}
}
else
{
response = Response.Unauthorized("Explicit Unauthorized");
}
}
else
{
response = Response.Unauthorized("Authorization replaced by new login in another session");
}
}
else
{
response = Response.Unauthorized("Authorization token header invalid");
}
return(response);
};
return(authWithToken());
}
// public processRead
static public Task <ActionResult> ProcessRead <T>(IIdentity user, HttpRequest uriInfo, DbContext entityManager, String serviceName) where T : class
{
return(RequestFilter.GetObject <T>(user, uriInfo, entityManager, serviceName).ContinueWith <ActionResult>(taskGet => {
return Response.Ok(taskGet.Result);
}, TaskContinuationOptions.NotOnFaulted));
}