Skip to content

changed to use secure operations to restrict operations #25

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
gcsantos-gpa wants to merge 1 commit into
base: master
Choose a base branch
from
+29 −30
Open

changed to use secure operations to restrict operations #25

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 8 additions & 9 deletions src/Gemstone.Web/APIController/ModelController.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,9 +23,7 @@
// ReSharper disable StaticMemberInGenericType

using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Reflection;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using Gemstone.Data;
Expand Down Expand Up @@ -59,8 +57,8 @@ public ModelController() { }
public virtual async Task<IActionResult> Patch([FromBody] T record, CancellationToken cancellationToken)
{
await using AdoDataConnection connection = CreateConnection();
TableOperations<T> tableOperations = new(connection);
await tableOperations.UpdateRecordAsync(record, cancellationToken);
SecureTableOperations<T> tableOperations = new(connection);
await tableOperations.UpdateRecordAsync(HttpContext.User, record, cancellationToken);

return Ok(record);
}
Expand Down Expand Up @@ -92,8 +90,9 @@ public virtual async Task<IActionResult> Post([FromBody]T record, CancellationTo
public virtual async Task<IActionResult> Delete([FromBody] T record, CancellationToken cancellationToken)
{
await using AdoDataConnection connection = CreateConnection();
TableOperations<T> tableOperations = new(connection);
await tableOperations.DeleteRecordAsync(record, cancellationToken);
SecureTableOperations<T> tableOperations = new(connection);
object primaryKey = tableOperations.BaseOperations.GetPrimaryKeys(record).First();
await tableOperations.DeleteRecordWhereAsync(HttpContext.User, $"{PrimaryKeyField} = {{0}}", cancellationToken, primaryKey);

return Ok(1);
}
Expand All @@ -108,8 +107,8 @@ public virtual async Task<IActionResult> Delete([FromBody] T record, Cancellatio
public virtual async Task<IActionResult> Delete(string id, CancellationToken cancellationToken)
{
await using AdoDataConnection connection = CreateConnection();
TableOperations<T> tableOperations = new(connection);
await tableOperations.DeleteRecordWhereAsync($"{PrimaryKeyField} = {{0}}", cancellationToken, id);
SecureTableOperations<T> tableOperations = new(connection);
await tableOperations.DeleteRecordWhereAsync(HttpContext.User, $"{PrimaryKeyField} = {{0}}", cancellationToken, id);

return Ok(1);
}
Expand Down
42 changes: 21 additions & 21 deletions src/Gemstone.Web/APIController/ReadOnlyModelController.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@
{
public string Token { get; } = Guid.NewGuid().ToString();

public TableOperations<T> Table { get; }
public SecureTableOperations<T> Table { get; }

Check failure on line 52 in src/Gemstone.Web/APIController/ReadOnlyModelController.cs

View workflow job for this annotation

GitHub Actions / Analyze (csharp) 

The type or namespace name 'SecureTableOperations<>' could not be found (are you missing a using directive or an assembly reference?)

Check failure on line 52 in src/Gemstone.Web/APIController/ReadOnlyModelController.cs

View workflow job for this annotation

GitHub Actions / Analyze (csharp) 

The type or namespace name 'SecureTableOperations<>' could not be found (are you missing a using directive or an assembly reference?)

public IAsyncEnumerator<T?>? Records { get; set; }

Expand All @@ -58,7 +58,7 @@
private ConnectionCache()
{
m_connection = new AdoDataConnection(Settings.Default);
Table = new TableOperations<T>(m_connection);
Table = new SecureTableOperations<T>(m_connection);
}

public void Dispose()
Expand Down Expand Up @@ -177,7 +177,7 @@
{
ConnectionCache cache = ConnectionCache.Create(expiration ?? 1.0D);

cache.Records = cache.Table.QueryRecordsWhereAsync(filterExpression, cancellationToken, parameters).GetAsyncEnumerator(cancellationToken);
cache.Records = cache.Table.QueryRecordsWhereAsync(HttpContext.User, filterExpression, cancellationToken, parameters).GetAsyncEnumerator(cancellationToken);

return Task.FromResult<IActionResult>(Ok(cache.Token));
}
Expand Down Expand Up @@ -237,7 +237,7 @@
public virtual async Task<IActionResult> Get(string? parentID, int page, CancellationToken cancellationToken)
{
await using AdoDataConnection connection = CreateConnection();
TableOperations<T> tableOperations = new(connection);
SecureTableOperations<T> tableOperations = new(connection);
RecordFilter<T>? filter = null;

if (ParentKey != string.Empty && parentID is not null)
Expand All @@ -250,7 +250,7 @@
};
}

IAsyncEnumerable<T> result = tableOperations.QueryRecordsAsync(DefaultSort, DefaultSortDirection, page, PageSize, cancellationToken, filter);
IAsyncEnumerable<T> result = tableOperations.QueryRecordsAsync(HttpContext.User, DefaultSort, DefaultSortDirection, page, PageSize, cancellationToken, filter);

return Ok(await result.ToArrayAsync(cancellationToken).ConfigureAwait(false));
}
Expand All @@ -267,10 +267,10 @@
public virtual async Task<IActionResult> Get(string sort, bool ascending, int page, CancellationToken cancellationToken)
{
await using AdoDataConnection connection = CreateConnection();
TableOperations<T> tableOperations = new(connection);
SecureTableOperations<T> tableOperations = new(connection);
RecordFilter<T>? filter = null;

IAsyncEnumerable<T> result = tableOperations.QueryRecordsAsync(sort, ascending, page, PageSize, cancellationToken, filter);
IAsyncEnumerable<T> result = tableOperations.QueryRecordsAsync(HttpContext.User, sort, ascending, page, PageSize, cancellationToken, filter);

return Ok(await result.ToArrayAsync(cancellationToken).ConfigureAwait(false));
}
Expand All @@ -288,15 +288,15 @@
public virtual async Task<IActionResult> Get(string parentID, string sort, bool ascending, int page, CancellationToken cancellationToken)
{
await using AdoDataConnection connection = CreateConnection();
TableOperations<T> tableOperations = new(connection);
SecureTableOperations<T> tableOperations = new(connection);
RecordFilter<T> filter = new()
{
FieldName = ParentKey,
Operator = "=",
SearchParameter = parentID
};

IAsyncEnumerable<T> result = tableOperations.QueryRecordsAsync(sort, ascending, page, PageSize, cancellationToken, filter);
IAsyncEnumerable<T> result = tableOperations.QueryRecordsAsync(HttpContext.User, sort, ascending, page, PageSize, cancellationToken, filter);

return Ok(await result.ToArrayAsync(cancellationToken).ConfigureAwait(false));
}
Expand All @@ -311,8 +311,8 @@
public virtual async Task<IActionResult> GetOne(string id, CancellationToken cancellationToken)
{
await using AdoDataConnection connection = CreateConnection();
TableOperations<T> tableOperations = new(connection);
T? result = await tableOperations.QueryRecordAsync(new RecordRestriction($"{PrimaryKeyField} = {{0}}", id), cancellationToken).ConfigureAwait(false);
SecureTableOperations<T> tableOperations = new(connection);
T? result = await tableOperations.QueryRecordAsync(HttpContext.User, new RecordRestriction($"{PrimaryKeyField} = {{0}}", id), cancellationToken).ConfigureAwait(false);

return result is null ?
NotFound() :
Expand All @@ -332,7 +332,7 @@
public virtual async Task<IActionResult> Search([FromBody] SearchPost<T> postData, int page, string? parentID, CancellationToken cancellationToken)
{
await using AdoDataConnection connection = CreateConnection();
TableOperations<T> tableOperations = new(connection);
SecureTableOperations<T> tableOperations = new(connection);
RecordFilter<T>[] filters = postData.Searches.ToArray();

if (ParentKey != string.Empty && parentID is not null)
Expand All @@ -345,7 +345,7 @@
});
}

IAsyncEnumerable<T> result = tableOperations.QueryRecordsAsync(postData.OrderBy, postData.Ascending, page, PageSize, cancellationToken, filters);
IAsyncEnumerable<T> result = tableOperations.QueryRecordsAsync(HttpContext.User, postData.OrderBy, postData.Ascending, page, PageSize, cancellationToken, filters);

return Ok(await result.ToArrayAsync(cancellationToken).ConfigureAwait(false));
}
Expand All @@ -362,7 +362,7 @@
public virtual async Task<IActionResult> GetPageInfo([FromBody] SearchPost<T> postData, string? parentID, CancellationToken cancellationToken)
{
await using AdoDataConnection connection = CreateConnection();
TableOperations<T> tableOperations = new(connection);
SecureTableOperations<T> tableOperations = new(connection);
RecordFilter<T>[] filters = postData.Searches.ToArray();

if (ParentKey != string.Empty && parentID is not null)
Expand All @@ -375,7 +375,7 @@
});
}

int recordCount = await tableOperations.QueryRecordCountAsync(cancellationToken, filters).ConfigureAwait(false);
int recordCount = await tableOperations.QueryRecordCountAsync(HttpContext.User, cancellationToken, filters).ConfigureAwait(false);

return Ok(new PageInfo()
{
Expand All @@ -396,7 +396,7 @@
public virtual async Task<IActionResult> GetPageInfo(string? parentID, CancellationToken cancellationToken)
{
await using AdoDataConnection connection = CreateConnection();
TableOperations<T> tableOperations = new(connection);
SecureTableOperations<T> tableOperations = new(connection);
RecordFilter<T>[] filters = [];

if (ParentKey != string.Empty && parentID is not null)
Expand All @@ -409,7 +409,7 @@
});
}

int recordCount = await tableOperations.QueryRecordCountAsync(cancellationToken, filters).ConfigureAwait(false);
int recordCount = await tableOperations.QueryRecordCountAsync(HttpContext.User, cancellationToken, filters).ConfigureAwait(false);

return Ok(new PageInfo()
{
Expand All @@ -428,9 +428,9 @@
public virtual async Task<IActionResult> New(CancellationToken cancellationToken)
{
await using AdoDataConnection connection = CreateConnection();
TableOperations<T> tableOperations = new(connection);
SecureTableOperations<T> tableOperations = new(connection);

T? result = tableOperations.NewRecord();
T? result = tableOperations.BaseOperations.NewRecord();
return Ok(result);
}

Expand All @@ -450,8 +450,8 @@

// Create a connection and table operations instance
await using AdoDataConnection connection = CreateConnection();
TableOperations<T> tableOperations = new(connection);
string tableName = tableOperations.TableName;
SecureTableOperations<T> tableOperations = new(connection);
string tableName = tableOperations.BaseOperations.TableName;
string sql = $"SELECT MAX([{fieldName}]) FROM [{tableName}]";

object? maxValue = await connection.ExecuteScalarAsync(sql, cancellationToken).ConfigureAwait(false);
Expand Down
Loading