/// <summary>
/// Records every column reference the visitor encounters so that column-level
/// permissions can be evaluated against it later.
/// </summary>
/// <param name="node">The column reference found in the parsed statement.</param>
/// <exception cref="NotImplementedException">
/// Thrown when the reference has a number of identifier parts other than one, two or
/// three; the column is then not recorded and the visit is aborted.
/// </exception>
public override void ExplicitVisit(ColumnReferenceExpression node)
{
    RbacSelectColumn selected = new RbacSelectColumn();

    // NOTE(review): MultiPartIdentifier is dereferenced without a null check; confirm it is
    // always populated for the kinds of column reference this visitor can receive.
    var parts = node.MultiPartIdentifier.Identifiers;

    switch (parts.Count)
    {
        case 1:
            // Bare column name: the column is attached to the visitor's current Table
            // (the same instance is shared, not copied).
            selected.Name = parts[0].Value;
            selected.Table = Table;
            break;

        case 2:
            // qualifier.column: the qualifier is stored as the alias; whether it is really
            // an alias or a table name is not resolved here.
            selected.Table.Alias = parts[0].Value;
            selected.Name = parts[1].Value;
            break;

        case 3:
            // schema.qualifier.column
            selected.Table.Schema = parts[0].Value;
            selected.Table.Alias = parts[1].Value;
            selected.Name = parts[2].Value;
            break;

        default:
            // Refusing unknown shapes keeps an unrecognised reference from being
            // silently left out of the recorded column list.
            throw new NotImplementedException("unknown number of identifiers found in select statement, please report this issue!");
    }

    selected.SetToken(node);
    Columns.Add(selected);
}
/// <summary>
/// Appends a select column with the given table and column name to <c>Columns</c>.
/// The column alias is set to the empty string.
/// </summary>
/// <param name="tableName">Name stored on the column's table.</param>
/// <param name="columnName">Name stored on the column.</param>
private void AddSelectColumn(string tableName, string columnName)
{
    RbacSelectColumn added = new RbacSelectColumn
    {
        Alias = string.Empty,
        Name = columnName,
    };

    // Table is the instance the new column already carries; only its name is filled in.
    added.Table.Name = tableName;

    Columns.Add(added);
}
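/// <summary>
/// Resolves the columns and tables of <c>OriginalQuery</c> by asking the database for the
/// schema of its result set, then expands '*' in <c>ParsedQuery</c> to the resolved
/// column list.
/// </summary>
/// <returns>
/// <c>true</c> when the schema was read and every base table was found in the current
/// role's permissions; <c>false</c> otherwise, with the failure message appended to
/// <c>Errors</c>.
/// </returns>
/// <remarks>
/// Columns appended to <c>Columns</c> before a failure are not removed again.
/// </remarks>
public bool ParseUsingSqlCommand()
{
    if (TablesReferred == null)
    {
        TablesReferred = new List<RbacTable>();
    }
    else
    {
        TablesReferred.Clear();
    }

    try
    {
        using (SqlConnection connection = new SqlConnection(Context.ConnectionString))
        {
            connection.Open();

            // OriginalQuery is the query as submitted, before any permission has been
            // applied to it. SchemaOnly asks the provider for column metadata only, so the
            // statement is not run for its rows or side effects just to learn its shape;
            // KeyInfo is kept because the base table/column names below depend on it.
            // The command and reader are disposed deterministically (they were leaked before).
            using (SqlCommand command = new SqlCommand(OriginalQuery, connection))
            using (SqlDataReader reader = command.ExecuteReader(CommandBehavior.SchemaOnly | CommandBehavior.KeyInfo))
            {
                DataTable schemaTable = reader.GetSchemaTable();
                if (schemaTable == null)
                {
                    // No result set (e.g. the text is not a query): report it explicitly
                    // instead of failing with a null dereference in the loop below.
                    throw new Exception("The query did not return a result set, column meta data is not available!");
                }

                foreach (DataRow row in schemaTable.Rows)
                {
                    RbacSelectColumn column = new RbacSelectColumn();
                    column.Alias = row["ColumnName"].ToString();
                    column.Name = row["BaseColumnName"].ToString();
                    column.Table.Name = row["BaseTableName"].ToString();
                    Columns.Add(column);

                    // A base table that the role's permission metadata does not know is
                    // treated as a failure (the exception is recorded by the catch below),
                    // so parsing never succeeds with an unknown table.
                    RbacTable table = Context.User.Role.CrudPermissions.Find(column.Table.Name);
                    if (table != null)
                    {
                        TablesReferred.Add(table);
                    }
                    else
                    {
                        throw new Exception(string.Format("The referred table {0} was not found in meta data!", row["BaseTableName"].ToString()));
                    }
                }
            }

            TablesReferred = new List<RbacTable>(TablesReferred.DistinctBy(t => t.Name));
        }

        ParsedMethod = RbacSelectQueryParsedMethods.CommandBehavior;

        // NOTE(review): this replaces every '*' in ParsedQuery, not only a select-list star;
        // an asterisk used as multiplication, inside COUNT(*), a string literal or a comment
        // is rewritten as well. Confirm callers only reach this path with plain 'select *'.
        ParsedQuery = ParsedQuery.Replace("*", Columns.ToCommaSeparatedString());
        IsParsed = true;
        return true;
    }
    catch (Exception ex)
    {
        Errors.Add(ex.Message);
    }

    return false;
}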
/// <summary>
/// Removes <paramref name="column"/> from the select list of <c>ParsedQuery</c> and stores
/// the rewritten query back into <c>ParsedQuery</c>.
/// </summary>
/// <param name="column">The select column to strip from the query.</param>
/// <remarks>
/// When <c>IsSilent</c> is false and the removal left no select column,
/// <c>RbacException.Raise</c> is called. In silent mode the zero-column state is not
/// checked here, so the rewritten query is kept as it is.
/// </remarks>
private void RemoveColumnFromSelect(RbacSelectColumn column)
{
    SelectColumnRemover remover = new SelectColumnRemover(ParsedQuery, column);
    ParsedQuery = remover.Remove();

    if (IsSilent != false)
    {
        return;
    }

    if (remover.IsZeroSelectColumn)
    {
        RbacException.Raise("The query returned 0(zero) column!");
    }
}
/// <summary>
/// Splits <paramref name="query"/> into the select part (<c>SelectStatement</c>) and the
/// remainder (<c>OtherStatement</c>, prefixed with one space) so the column can later be
/// removed from the select part only.
/// </summary>
/// <param name="query">The query text to split.</param>
/// <param name="column">The select column this remover targets.</param>
/// <remarks>
/// The split point is the first case-insensitive occurrence of " into", or, when that is
/// absent, of "from". When neither is found <c>RbacException.Raise</c> is called.
/// </remarks>
public SelectColumnRemover(string query, RbacSelectColumn column)
{
    Query = query;
    Column = column;

    // NOTE(review): both lookups are plain text searches, not token searches. "from" also
    // matches inside an identifier or literal that appears earlier in the select list
    // (e.g. a column named 'fromDate'), which would move the split point and change which
    // text is treated as the select list. Confirm the inputs that reach this constructor.
    int splitAt = Query.IndexOf(" into", StringComparison.OrdinalIgnoreCase);
    if (splitAt < 0)
    {
        splitAt = Query.IndexOf("from", StringComparison.OrdinalIgnoreCase);
        if (splitAt < 0)
        {
            // Presumably Raise throws; if it returned, the Substring call below would
            // fail on the negative index.
            RbacException.Raise("Something went wrong while applying permission on select columns, no 'into' or 'from' statement found in the query");
        }
    }

    SelectStatement = Query.Substring(0, splitAt);
    OtherStatement = " " + Query.Substring(splitAt);
}
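/// <summary>
/// Records the column assigned by a SET clause so that it can be checked against the
/// caller's permissions.
/// </summary>
/// <param name="assignSetClause">The assignment clause found in the parsed statement.</param>
/// <exception cref="NotImplementedException">
/// Thrown when the assigned column has a number of identifier parts other than one, two
/// or three.
/// </exception>
/// <remarks>
/// Previously a column written with three or more parts was added to <c>Columns</c> with
/// no name at all. Three-part names are now mapped the same way the
/// ColumnReferenceExpression visitor in this source maps them, and any other shape is
/// refused instead of producing a nameless entry.
/// </remarks>
public override void ExplicitVisit(AssignmentSetClause assignSetClause)
{
    RbacSelectColumn column = new RbacSelectColumn();
    if (!string.IsNullOrEmpty(TableName))
    {
        column.Table.Name = TableName;
    }

    var parts = assignSetClause.Column.MultiPartIdentifier.Identifiers;
    switch (parts.Count)
    {
        case 1:
            column.Name = parts[0].Value;
            break;

        case 2:
            // qualifier.column: the qualifier is stored as the alias.
            column.Table.Alias = parts[0].Value;
            column.Name = parts[1].Value;
            break;

        case 3:
            // schema.qualifier.column
            column.Table.Schema = parts[0].Value;
            column.Table.Alias = parts[1].Value;
            column.Name = parts[2].Value;
            break;

        default:
            // Fail closed: an assignment whose target cannot be named must not be
            // recorded as an empty column that no permission rule can match.
            throw new NotImplementedException("unknown number of identifiers found in set clause, please report this issue!");
    }

    Columns.Add(column);
}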
/// <summary>
/// Expands a star select element ('*' or 'qualifier.*') into an explicit column list:
/// one entry per column of the resolved table is appended to <c>Columns</c>, and
/// <c>ParsedQuery</c> is set to the token text with the star replaced by that list.
/// </summary>
/// <param name="node">The star expression found in the parsed statement.</param>
/// <remarks>
/// The table is looked up in the current role's <c>CrudPermissions</c>; when it is not
/// found, <c>RbacException.Raise</c> is called with the Parser category.
/// NOTE(review): whether <c>table.Columns</c> holds only the columns the role may read, or
/// all columns of the table, is not visible here. Confirm that a later step filters the
/// expanded list.
/// </remarks>
public override void ExplicitVisit(SelectStarExpression node)
{
    // Rebuild the text from every token in the node's token stream.
    string query = String.Join(string.Empty, node.ScriptTokenStream.Select(sts => sts.Text).ToArray());
    string tableNameOrAlias = string.Empty;
    bool hasIdentifier = false;

    if (node.Qualifier != null)
    {
        // 'qualifier.*': only the first identifier of the qualifier is used.
        tableNameOrAlias = node.Qualifier.Identifiers[0].Value;
        hasIdentifier = true;
    }
    else
    {
        // Unqualified '*': locate the first FROM token (First throws when there is none)
        // and read the table name from a fixed offset behind it.
        int pos = node.ScriptTokenStream.Select((v, i) => new { token = v, index = i }).First(sts => sts.token.TokenType == TSqlTokenType.From).index;

        // NOTE(review): assumes exactly one token (presumably whitespace) sits between FROM
        // and the table name, and that the name is a single token; a schema-qualified or
        // differently spaced name would yield another token. The index is not bounds-checked.
        tableNameOrAlias = node.ScriptTokenStream[pos + 2].Text;
        if ((node.ScriptTokenStream.Count > (pos + 2 + 2)) && (node.ScriptTokenStream[pos + 4].TokenType == TSqlTokenType.Identifier))
        {
            // e.g. 'select * from Author a': take the alias 'a' instead of the table name.
            tableNameOrAlias = node.ScriptTokenStream[pos + 4].Text;
        }
    }

    // Find reports through isAlias whether the text matched an alias rather than a name.
    bool isAlias = false;
    RbacTable table = Context.User.Role.CrudPermissions.Find(tableNameOrAlias, ref isAlias);
    if (table != null)
    {
        foreach (RbacColumn col in table.Columns)
        {
            RbacSelectColumn column = new RbacSelectColumn();
            if (isAlias)
            {
                column.Table.Alias = tableNameOrAlias;
                column.Table.Name = table.Name;
            }
            else
            {
                column.Table.Name = tableNameOrAlias;
            }

            // NOTE(review): this assignment replaces the Table whose Alias/Name were just
            // set above, so those values appear to be discarded unless the setter copies
            // them. Confirm which of the two is intended.
            column.Table = table;
            column.Name = col.Name;
            Columns.Add(column);
        }

        if ((isAlias) && (hasIdentifier))
        {
            // 'alias.*' is replaced as a whole by the column list built for that alias.
            ParsedQuery = query.Replace(tableNameOrAlias + ".*", table.Columns.ToCommaSeparatedString(tableNameOrAlias));
        }
        else
        {
            // NOTE(review): replaces every '*' in the rebuilt text, not only this star
            // element (multiplication, COUNT(*), literals and comments included). A
            // qualified star whose qualifier is not an alias also takes this branch, which
            // leaves the qualifier text in front of the inserted list. Confirm both.
            ParsedQuery = query.Replace("*", table.Columns.ToCommaSeparatedString(tableNameOrAlias));
        }
    }
    else
    {
        // Unknown table: refuse rather than leave the star unexpanded.
        RbacException.Raise(string.Format("The referred table {0} was not found in meta data!", tableNameOrAlias), RbacExceptionCategories.Parser);
    }
}