/// <summary> /// Verify if claimed Type with claimed name and value exist and there is a valid connection between it /// and modelType with claimed id property and value /// </summary> private bool verifyConnection( Type claimType, string claimName, object claimValue, Type modelType, PropertyInfo idProperty, object idValue) { var claimId = claimType .GetProperties() .Where(prop => prop.IsDefined(typeof(KeyAttribute), true)) .FirstOrDefault(); var claimIdValue = claimId.GetValue(claimValue); if (claimIdValue == null) { return(false); } return(Utils.VerifyConnection( APIUtils.GetIQueryable(dbContext, modelType.Name), modelType, claimType, idProperty, idValue.ToString(), claimName, claimId, claimIdValue.ToString())); }
public dynamic ReadCardList( string resourceName, string requesterID, string cursor ) { Cursor objCursor = null; if (cursor != null && !string.IsNullOrWhiteSpace(cursor)) { try { var decryptedCursor = cursor.DecryptString( engineService.GetCursorEncryptionKey() ); objCursor = JsonConvert.DeserializeObject <Cursor> (decryptedCursor); } catch (Exception) { } } var maxPage = engineService.GetMaxRangeReadPage(resourceName); var maxOPP = engineService.GetMaxRangeReadObjectPerPage(resourceName); if (objCursor == null) { objCursor = new Cursor(requesterID, resourceName); } else { if (objCursor.isExpired()) { return(new BadRequestObjectResult(new APIError { Message = "Cursor time limit has been expired." })); } if (objCursor.RequesterID != requesterID || objCursor.IssuedFor != resourceName) { return(new BadRequestObjectResult(new APIError { Message = "Cursor has been issued for someone else." })); } if (objCursor.PageNumber < 1 || objCursor.PageNumber > maxPage || objCursor.ObjPerPage < 1 || objCursor.ObjPerPage > maxOPP) { return(new BadRequestObjectResult(new APIError { Message = "Cursor page number or object/page is out of bound." })); } } var resourceType = modelParser.IsRangeReaderAllowed(resourceName); if (resourceType == null) { return(new NotFoundResult()); } var endPoint = objCursor.PageNumber * objCursor.ObjPerPage; var startpoint = endPoint - objCursor.ObjPerPage; var rangeAttribute = resourceType.GetCustomAttribute <RangeReaderAllowedAttribute> (); if (endPoint > rangeAttribute.MaxObjToRead) { return(new BadRequestObjectResult(new APIError { Message = "Requested range is exceeded from resource limitations (" + rangeAttribute.MaxObjToRead + ")" })); } var nextCursor = string.Empty; if (endPoint + objCursor.ObjPerPage <= rangeAttribute.MaxObjToRead && objCursor.PageNumber <= maxPage && objCursor.ObjPerPage <= maxOPP) { try { nextCursor = JsonConvert.SerializeObject( new Cursor( requesterID, resourceName, objCursor.PageNumber + 1, objCursor.ObjPerPage ) ) .EncryptString(engineService.GetCursorEncryptionKey()); } catch (Exception) { return(new BadRequestObjectResult(new APIError { Message = "Cursor creation has been failed" })); } } APIUtils utils = new APIUtils(); var result = utils.GetResourceWithRange( APIUtils.GetIQueryable(dbContext, resourceType.Name), startpoint, endPoint) as ICollection <Card>; if (result == null || result.Count == 0) { return(new CardList()); } var rangerIdProp = resourceType.GetProperties() .Where(prop => prop.IsDefined(typeof(KeyAttribute), false)) .FirstOrDefault(); var permissionHandler = new PermissionHandler <TRelation, TUser> ( requesterID, modelParser, engineService, dbContext); var iRequest = new IRequest { ResourceName = resourceType.Name, IdentifierName = rangerIdProp.Name }; foreach (var item in result) { iRequest.IdentifierValue = rangerIdProp.GetValue(item).ToString(); permissionHandler.CheckPermissionRequirements( iRequest, ModelAction.Read, HttpRequestMethod.Get, item); } return(new CardList { PageNumber = objCursor.PageNumber, Cursor = nextCursor, Cards = result.ToList(), }); }