WhenAPUTRequestWithACollectionContainingOnlyConformingIncludedOrExcludedTypeValuesIsSubmittedToSchoolsWithARequestBodyContentTypeOfTheAppropriateValueForTheProfileInUse(
ConformanceType conformanceType,
IncludedOrExcluded includedOrExcluded,
string typeOrDescriptor,
string resourceCollectionName,
string contentType)
{
if (string.IsNullOrEmpty(contentType))
{
contentType = ProfilesContentTypeHelper.CreateContentType(
resourceCollectionName,
ScenarioContext.Current.Get <string>(ScenarioContextKeys.ProfileName),
ContentTypeUsage.Writable);
}
var httpClient = FeatureContext.Current.Get <HttpClient>();
httpClient.DefaultRequestHeaders.Clear();
var container = FeatureContext.Current.Get <IWindsorContainer>();
HttpContent putRequestContent = null;
Guid id = Guid.NewGuid();
switch (resourceCollectionName)
{
case "schools":
putRequestContent = GetSchoolPutRequestContent(id, contentType, conformanceType, includedOrExcluded, container, httpClient);
break;
case "studentAssessments":
putRequestContent = GetStudentAssessmentPutRequestContent(
id,
contentType,
conformanceType,
includedOrExcluded,
container,
httpClient);
break;
default:
throw new NotSupportedException();
}
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(
"Bearer",
Guid.NewGuid()
.ToString());
// Post resource, using the Profile's content type
var putResponseMessage = httpClient.PutAsync(OwinUriHelper.BuildOdsUri(resourceCollectionName + "/" + id), putRequestContent)
.Sync();
ScenarioContext.Current.Set(putResponseMessage);
}
private string BuildJsonMimeType(string resourceName)
{
if (string.IsNullOrEmpty(_configuration.Profile))
{
return("application/json");
}
return(ProfilesContentTypeHelper.CreateContentType(
resourceName,
_configuration.Profile,
ContentTypeUsage.Writable
));
}
// Generates a list of assigned profiles that can be used by the client for the sent resource
private IEnumerable <string> GetApplicableContentTypes(
IEnumerable <string> assignedProfiles,
string resourceCollectionName,
string resourceItemName,
HttpMethod httpMethod)
{
ContentTypeUsage contentTypeUsage = httpMethod == HttpMethod.Get
? ContentTypeUsage.Readable
: ContentTypeUsage.Writable;
var assignedContentTypes = assignedProfiles
.Select(x => ProfilesContentTypeHelper.CreateContentType(resourceCollectionName, x, contentTypeUsage));
return(assignedContentTypes
.Intersect(
_profileResourceNamesProvider.GetProfileResourceNames()
.Where(x => x.ResourceName.EqualsIgnoreCase(resourceItemName))
.Select(
x => ProfilesContentTypeHelper.CreateContentType(
CompositeTermInflector.MakePlural(x.ResourceName),
x.ProfileName,
contentTypeUsage)))
.ToList());
}
public Task <HttpResponseMessage> ExecuteAuthorizationFilterAsync(
HttpActionContext actionContext,
CancellationToken cancellationToken,
Func <Task <HttpResponseMessage> > continuation)
{
// check if the http method sent needs to be checked by this filter
if (!(actionContext.Request.Method == HttpMethod.Put ||
actionContext.Request.Method == HttpMethod.Post ||
actionContext.Request.Method == HttpMethod.Get))
{
return(continuation());
}
// Try to get the current API key context
var assignedProfiles = new List <string>();
var apiKeyContext = _apiKeyContextProvider.GetApiKeyContext();
// check that the ApiKeyContext is available so that we can get the assigned profiles
if (apiKeyContext != null && apiKeyContext != ApiKeyContext.Empty)
{
assignedProfiles = _apiKeyContextProvider.GetApiKeyContext()
.Profiles.ToList();
}
// declare profile content type variable because it can be retrieved from the
// accept header or the content-type header
string profileContentType = null;
ProfileContentTypeDetails profileContentTypeDetails = null;
// get singluar spelling of the controller name for comparison to the resource in the profiles
string resourceCollectionName =
actionContext.ControllerContext.ControllerDescriptor.ControllerName.TrimSuffix("Controller");
string resourceItemName = CompositeTermInflector.MakeSingular(resourceCollectionName);
// try to get the Profile Content type and parse if successful
if (TryGetProfileContentType(actionContext, out profileContentType))
{
profileContentTypeDetails = profileContentType.GetContentTypeDetails();
}
// If the caller has not specified a profile specific content type and there are no assigned
// profiles then allow the request to be processed (there is nothing left to check)
if (string.IsNullOrEmpty(profileContentType) && !assignedProfiles.Any())
{
return(continuation());
}
// If the caller has not specified a profile specific content type but the targeted
// resource is covered by an assigned profile then we must refuse the request
if (string.IsNullOrEmpty(profileContentType) &&
IsResourceCoveredByAssignedProfile(assignedProfiles, resourceItemName))
{
if (actionContext.Request.Method == HttpMethod.Get)
{
return
(Task.FromResult(
ForbiddenHttpResponseMessage(
actionContext,
string.Format(
"One of the following profile-specific content types is required when requesting this resource: '{0}'.",
string.Join(
"', '",
assignedProfiles.Select(
p => ProfilesContentTypeHelper.CreateContentType(
resourceCollectionName,
p,
ContentTypeUsage.Readable)))))));
}
// PUT or POST
return
(Task.FromResult(
ForbiddenHttpResponseMessage(
actionContext,
string.Format(
"Based on the assigned profiles, one of the following profile-specific content types is required when updating this resource: '{0}'.",
string.Join(
"', '",
assignedProfiles.Select(
p => ProfilesContentTypeHelper.CreateContentType(resourceCollectionName, p, ContentTypeUsage.Writable)))))));
}
// if there is no profile specific content at this point there are no more checks to make so proceed with request processing
if (string.IsNullOrEmpty(profileContentType))
{
return(continuation());
}
// If the caller is "opting in" to a profile, and the targeted resource exists in the specified profile, proceed with request processing
if (!assignedProfiles.Any() &&
IsTheResourceInTheProfile(resourceItemName, profileContentTypeDetails.Profile))
{
return(continuation());
}
// If the caller is not assigned any profiles that cover the targeted resource, then proceed with request processing.
if (!AnyAssignedProfilesCoverTheResource(assignedProfiles, resourceItemName))
{
return(continuation());
}
// Check if the resource is covered under an assigned profile that is not the profile content type sent
if (!IsResourceCoveredByAnotherAssignedProfile(assignedProfiles, resourceItemName, profileContentTypeDetails.Profile))
{
// create the response based on the method
if (actionContext.Request.Method == HttpMethod.Get)
{
return(Task.FromResult(
ForbiddenHttpResponseMessage(
actionContext,
string.Format(
"One of the following profile-specific content types is required when requesting this resource: '{0}'.",
string.Join(
"', '",
GetApplicableContentTypes(
assignedProfiles,
resourceCollectionName,
resourceItemName,
actionContext.Request.Method))))));
}
if (actionContext.Request.Method == HttpMethod.Put || actionContext.Request.Method == HttpMethod.Post)
{
return(Task.FromResult(
ForbiddenHttpResponseMessage(
actionContext,
string.Format(
"Based on the assigned profiles, one of the following profile-specific content types is required when updating this resource: '{0}'.",
string.Join(
"', '",
GetApplicableContentTypes(
assignedProfiles,
resourceCollectionName,
resourceItemName,
actionContext.Request.Method))))));
}
}
return(continuation());
}
private static string BuildJsonMimeType(string elementName, string profile = null)
{
return(string.IsNullOrEmpty(profile)
? "application/json"
: ProfilesContentTypeHelper.CreateContentType(elementName, profile, ContentTypeUsage.Writable));
}
public string GetOperationContentType(OpenApiMetadataResource openApiMetadataResource, ContentTypeUsage contentTypeUsage)
=> ProfilesContentTypeHelper.CreateContentType(
openApiMetadataResource.Resource.Name,
_documentContext.ProfileContext.ProfileName,
contentTypeUsage);
public string GetOperationContentType(SwaggerResource swaggerResource, ContentTypeUsage contentTypeUsage)
=> ProfilesContentTypeHelper.CreateContentType(
swaggerResource.Resource.Name,
_documentContext.ProfileContext.ProfileName,
contentTypeUsage);
