public bool CanUserAccess(ClaimsPrincipal principal) { return(HalcyonExtUtils.CanUserAccess(principal, halRefInfo.ActionMethodInfo, halRefInfo.ControllerType.GetTypeInfo())); }
public async Task <EndpointDoc> GetDoc(string groupName, string method, string relativePath, EndpointDocBuilderOptions options) { if (relativePath == null) { relativePath = ""; } else if (relativePath.EndsWith("/") || relativePath.EndsWith("\\")) { relativePath = relativePath.Substring(0, relativePath.Length - 1); } var group = descriptionProvider.ApiDescriptionGroups.Items.FirstOrDefault(i => i.GroupName == groupName); if (group == null) { throw new InvalidOperationException($"Cannot find an api group for {groupName}. Did you declare a route to that group?"); } var action = group.Items.FirstOrDefault(i => i.HttpMethod == method && i.RelativePath == relativePath); if (action == null) { throw new InvalidOperationException($"Cannot find an api action for {relativePath} and method {method} in api group {groupName}."); } var description = new EndpointDoc(); bool handleFormData = true; if (options.IncludeResponse) { var controllerActionDesc = action.ActionDescriptor as ControllerActionDescriptor; if (controllerActionDesc != null) { var methodInfo = controllerActionDesc.MethodInfo; //Check to see if the user can actually access the endpoint we requested if (options.User != null && !HalcyonExtUtils.CanUserAccess(options.User, methodInfo, controllerActionDesc.ControllerTypeInfo)) { throw new UnauthorizedAccessException("User cannot access requested endpoint"); } var returnType = methodInfo.ReturnType; if (returnType != typeof(void)) { description.SetResponseSchema(await endpointDocCache.GetCachedResponse(groupName, method, relativePath, returnType, schemaBuilder.GetSchema)); } } } if (options.IncludeRequest) { foreach (var param in action.ParameterDescriptions) { if (param.Source.IsFromRequest) { if (param.Source.CanAcceptDataFrom(BindingSource.Body)) { description.SetRequestSchema(await endpointDocCache.GetCachedRequest(groupName, method, relativePath, param.Type, schemaBuilder.GetSchema)); } else if (param.Source.CanAcceptDataFrom(BindingSource.Query)) { description.SetRequestSchema(await endpointDocCache.GetCachedRequest(groupName, method, relativePath, param.ModelMetadata.ContainerType, schemaBuilder.GetSchema)); } else if (handleFormData && param.Source.CanAcceptDataFrom(BindingSource.Form)) { handleFormData = false; //This prevents this from running for everything that responsds to form, there should only be 1 per controller method. //Discover the type from the action method, there is no way to get the real object type from the description when dealing with form input Type type = null; var controllerActionDescriptor = action.ActionDescriptor as ControllerActionDescriptor; if (controllerActionDescriptor != null) { foreach (var arg in controllerActionDescriptor.MethodInfo.GetParameters()) { if (arg.CustomAttributes.Any(i => i.AttributeType == typeof(FromFormAttribute))) { type = arg.ParameterType; break; } } } if (type != null && validSchemaManager.IsValid(type)) { description.SetRequestSchema(await endpointDocCache.GetCachedRequest(groupName, method, relativePath, type, async t => { var schema = await schemaBuilder.GetSchema(t); schema.SetDataIsForm(true); return(schema); })); } } } } } return(description); }