public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
DisableQueryAttribute disableQueryAttribute = context.Controller.GetType().GetCustomAttribute <DisableQueryAttribute>();
_queryStringReader.ReadAll(disableQueryAttribute);
await next();
}
/// <inheritdoc/>
public virtual void Parse(DisableQueryAttribute disableQueryAttribute)
{
disableQueryAttribute ??= DisableQueryAttribute.Empty;
foreach (var pair in _queryStringAccessor.Query)
{
if (string.IsNullOrEmpty(pair.Value))
{
throw new InvalidQueryStringParameterException(pair.Key, "Missing query string parameter value.",
$"Missing value for '{pair.Key}' query string parameter.");
}
var service = _queryServices.FirstOrDefault(s => s.CanParse(pair.Key));
if (service != null)
{
_logger.LogDebug($"Query string parameter '{pair.Key}' with value '{pair.Value}' was accepted by {service.GetType().Name}.");
if (!service.IsEnabled(disableQueryAttribute))
{
throw new InvalidQueryStringParameterException(pair.Key,
"Usage of one or more query string parameters is not allowed at the requested endpoint.",
$"The parameter '{pair.Key}' cannot be used at this endpoint.");
}
service.Parse(pair.Key, pair.Value);
_logger.LogDebug($"Query string parameter '{pair.Key}' was successfully parsed.");
}
else if (!_options.AllowCustomQueryStringParameters)
{
throw new InvalidQueryStringParameterException(pair.Key, "Unknown query string parameter.",
$"Query string parameter '{pair.Key}' is unknown. Set '{nameof(IJsonApiOptions.AllowCustomQueryStringParameters)}' to 'true' in options to ignore unknown parameters.");
}
}
}
/// <summary>
/// For a query parameter in <paramref name="query"/>, calls
/// the <see cref="IQueryParameterService.Parse(KeyValuePair{string, Microsoft.Extensions.Primitives.StringValues})"/>
/// method of the corresponding service.
/// </summary>
public virtual void Parse(IQueryCollection query, DisableQueryAttribute disabled)
{
var disabledQuery = disabled?.QueryParams;
foreach (var pair in query)
{
bool parsed = false;
foreach (var service in _queryServices)
{
if (pair.Key.ToLower().StartsWith(service.Name, StringComparison.Ordinal))
{
if (disabledQuery == null || !IsDisabled(disabledQuery, service))
{
service.Parse(pair);
}
parsed = true;
break;
}
}
if (parsed)
{
continue;
}
if (!_options.AllowCustomQueryParameters)
{
throw new JsonApiException(400, $"{pair} is not a valid query.");
}
}
}
public ModelAttributesInfo(Type modelType)
{
QueryAuthAttributes = GetAuthAttributesOfClassOrDirectTopClass <QueryAuthAttribute>(modelType);
QueryEntryAuthAttributes = GetAuthAttributesOfClassOrDirectTopClass <QueryEntryAuthAttribute>(modelType);
UpdateAuthAttributes = GetAuthAttributesOfClassOrDirectTopClass <UpdateAuthAttribute>(modelType);
DeleteAuthAttributes = GetAuthAttributesOfClassOrDirectTopClass <DeleteAuthAttribute>(modelType);
CreateAuthAttributes = GetAuthAttributesOfClassOrDirectTopClass <CreateAuthAttribute>(modelType);
CreateEventAttributes = GetHookAttributeOfClassAndTopClasses <CreateEventAttribute>(modelType);
UpdateEventAttributes = GetHookAttributeOfClassAndTopClasses <UpdateEventAttribute>(modelType);
DeleteEventAttributes = GetHookAttributeOfClassAndTopClasses <DeleteEventAttribute>(modelType);
QueryAttributes = GetQueryAttributes(modelType);
UpdateableAttribute = modelType.GetCustomAttribute <UpdateableAttribute>(false);
DisableAutoMergeAttribute = modelType.GetCustomAttribute <DisableAutoMergeAttribute>(false);
DisableCreateAttribute = modelType.GetCustomAttribute <DisableCreateAttribute>(true);
DisableUpdateAttribute = modelType.GetCustomAttribute <DisableUpdateAttribute>(true);
DisableDeleteAttribute = modelType.GetCustomAttribute <DisableDeleteAttribute>(true);
DisableQueryAttribute = modelType.GetCustomAttribute <DisableQueryAttribute>(true);
}
/// <inheritdoc/>
public virtual void ReadAll(DisableQueryAttribute disableQueryAttribute)
{
disableQueryAttribute ??= DisableQueryAttribute.Empty;
foreach (var(parameterName, parameterValue) in _queryStringAccessor.Query)
{
if (string.IsNullOrEmpty(parameterValue))
{
throw new InvalidQueryStringParameterException(parameterName,
"Missing query string parameter value.",
$"Missing value for '{parameterName}' query string parameter.");
}
var reader = _parameterReaders.FirstOrDefault(r => r.CanRead(parameterName));
if (reader != null)
{
_logger.LogDebug(
$"Query string parameter '{parameterName}' with value '{parameterValue}' was accepted by {reader.GetType().Name}.");
if (!reader.IsEnabled(disableQueryAttribute))
{
throw new InvalidQueryStringParameterException(parameterName,
"Usage of one or more query string parameters is not allowed at the requested endpoint.",
$"The parameter '{parameterName}' cannot be used at this endpoint.");
}
reader.Read(parameterName, parameterValue);
_logger.LogDebug($"Query string parameter '{parameterName}' was successfully read.");
}
else if (!_options.AllowUnknownQueryStringParameters)
{
throw new InvalidQueryStringParameterException(parameterName, "Unknown query string parameter.",
$"Query string parameter '{parameterName}' is unknown. " +
$"Set '{nameof(IJsonApiOptions.AllowUnknownQueryStringParameters)}' to 'true' in options to ignore unknown parameters.");
}
}
}
/// <inheritdoc/>
public bool IsEnabled(DisableQueryAttribute disableQueryAttribute)
{
return(!disableQueryAttribute.ContainsParameter(StandardQueryStringParameters.Fields));
}
/// <inheritdoc/>
public bool IsEnabled(DisableQueryAttribute disableQueryAttribute)
{
return(_options.AllowQueryStringOverrideForSerializerDefaultValueHandling &&
!disableQueryAttribute.ContainsParameter(StandardQueryStringParameters.Defaults));
}
public bool IsEnabled(DisableQueryAttribute disableQueryAttribute)
{
return(!disableQueryAttribute.ParameterNames.Contains(_skipCacheParameterName.ToLowerInvariant()));
}
/// <inheritdoc/>
public bool IsEnabled(DisableQueryAttribute disableQueryAttribute)
{
return(true);
}
