From 5ebf1d9eec8590e9597fdd849eeec58865cc7a21 Mon Sep 17 00:00:00 2001 From: John Cardinal Date: Tue, 21 Jan 2020 23:33:24 +0000 Subject: [PATCH] --- .../AyaNova/Controllers/DataListController.cs | 15 ++++-- server/AyaNova/DataList/DataListFactory.cs | 48 +------------------ server/AyaNova/DataList/DataListFetcher.cs | 13 ++++- 3 files changed, 25 insertions(+), 51 deletions(-) diff --git a/server/AyaNova/Controllers/DataListController.cs b/server/AyaNova/Controllers/DataListController.cs index e2471770..30451b25 100644 --- a/server/AyaNova/Controllers/DataListController.cs +++ b/server/AyaNova/Controllers/DataListController.cs @@ -57,12 +57,19 @@ namespace AyaNova.Api.Controllers if (!ModelState.IsValid) return BadRequest(new ApiErrorResponse(ModelState)); - //check rights at some point here + long UserId = UserIdFromContext.Id(HttpContext.Items); - ApiPagedResponse pr = await DataListFetcher.GetResponse(listOptions.DataListKey, ct, Url, nameof(List), listOptions, MOCK_WIDGET_DISPLAY_TEMPLATE_JSON, UserId); - - return Ok(new ApiOkWithPagingResponse(pr)); + var UserRoles = UserRolesFromContext.Roles(HttpContext.Items); + try + { + ApiPagedResponse pr = await DataListFetcher.GetResponse(listOptions.DataListKey, ct, Url, nameof(List), listOptions, UserId, UserRoles); + return Ok(new ApiOkWithPagingResponse(pr)); + } + catch (System.NotSupportedException) + { + return StatusCode(403, new ApiNotAuthorizedResponse()); + } } diff --git a/server/AyaNova/DataList/DataListFactory.cs b/server/AyaNova/DataList/DataListFactory.cs index 6bae8476..b01f4f14 100644 --- a/server/AyaNova/DataList/DataListFactory.cs +++ b/server/AyaNova/DataList/DataListFactory.cs 
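Review bot: The new `catch (System.NotSupportedException)` in this action turns every NotSupportedException raised anywhere under `DataListFetcher.GetResponse` into a 403, so an unrelated failure in query building or the data layer would be reported as an authorization denial and hidden from normal error handling. The same applies at the throw site in DataListFetcher.cs; throwing a dedicated exception type, or `System.UnauthorizedAccessException`, there and catching it here would keep the 403 tied to the role check. The `ArgumentOutOfRangeException` the fetcher now throws for an unknown `listOptions.DataListKey` is not caught here, so a bad client-supplied key presumably surfaces as a server error unless middleware outside this diff maps it; returning a 4xx for that case would be clearer. The action's signature and attributes are outside the hunk.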
@@ -7,60 +7,16 @@ namespace AyaNova.DataList { internal static class DataListFactory { - // internal static IAyaDataList GetAyaDataList(string ListKey) - // { - // switch (ListKey) - // { - // case nameof(TestWidgetUserEmailDataList): - // return new TestWidgetUserEmailDataList(); - // case nameof(WidgetDataList): - // return new WidgetDataList(); - // default: - // throw new System.ArgumentOutOfRangeException($"DataListFactory: Unknown list \"{ListKey}\""); - // } - // } - - // private static List DataListList = null; - - // //To be called at startup - // private static void PopulateDataListCache() - // { - // System.Reflection.Assembly ass = System.Reflection.Assembly.GetEntryAssembly(); - // DataListList = new List(); - // foreach (System.Reflection.TypeInfo ti in ass.DefinedTypes) - // { - // if (!ti.IsAbstract && ti.ImplementedInterfaces.Contains(typeof(IAyaDataList))) - // { - // DataListList.Add(ti.Name); - // } - // } - // } //Instantiate list object specified - //this is safe as it's only called from our own code internally + //this is safe as it's only attempting to load assemblies in the AyaNova.DataList namespace so can't attempt to instantiate some random object or nefarious object internal static IAyaDataList GetAyaDataList(string ListKey) { System.Reflection.Assembly ass = System.Reflection.Assembly.GetEntryAssembly(); return ass.CreateInstance($"AyaNova.DataList.{ListKey}") as IAyaDataList; - - // if (DataListList == null) - // { - // throw new System.NullReferenceException($"DataListFactory::GetAyaDataList({ListKey}) -> The data list cache is empty!"); - // } - - // System.Reflection.Assembly ass = System.Reflection.Assembly.GetEntryAssembly(); - - // foreach (System.Reflection.TypeInfo ti in ass.DefinedTypes) - // { - // // if (!ti.IsAbstract && ti.ImplementedInterfaces.Contains(typeof(IAyaDataList))) - // if (ti.Name == ListKey) - // { - // return ass.CreateInstance(ti.FullName) as IAyaDataList; - // } - // } - // throw new 
System.ArgumentOutOfRangeException($"DEV ERROR in DataListFactory.cs: ListKey {ListKey} specified doesn't exist"); } + //List all the datalist types available internal static List GetListOfAllDataListKeyNames() { //https://stackoverflow.com/a/42574373/8939 diff --git a/server/AyaNova/DataList/DataListFetcher.cs b/server/AyaNova/DataList/DataListFetcher.cs index 8bb2c804..76e3846d 100644 --- a/server/AyaNova/DataList/DataListFetcher.cs +++ b/server/AyaNova/DataList/DataListFetcher.cs @@ -7,18 +7,29 @@ using Microsoft.AspNetCore.Mvc; using AyaNova.Models; using System.Threading.Tasks; using Microsoft.EntityFrameworkCore; +using EnumsNET; namespace AyaNova.DataList { internal static class DataListFetcher { internal static async Task GetResponse(string DataListKey, AyContext ct, IUrlHelper Url, - string routeName, ListOptions listOptions, long UserId) + string routeName, ListOptions listOptions, long UserId, AuthorizationRoles UserRoles) { // var AyaObjectFields = AyaObjectFieldDefinitions.AyaObjectFields(AyaObjectFieldDefinitions.TEST_WIDGET_USER_EMAIL_ADDRESS_LIST_KEY); var DataList = DataListFactory.GetAyaDataList(DataListKey); + //was the name not found as a list? + if (DataList == null) + { + throw new System.ArgumentOutOfRangeException($"DataList \"{DataListKey}\" specified does not exist"); + } + //check rights + if (!UserRoles.HasAnyFlags(DataList.AllowedRoles)) + { + throw new System.NotSupportedException("User roles insufficient for this datalist"); + } //TODO: FETCH DATALISTTEMPLATE HERE OR USE DEFAULT IF FAULTY OR NOT FOUND var JSONDataListTemplate = DataList.DefaultDataListDisplayTemplate;
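Review bot: The safety comment on `GetAyaDataList` claims more than the code enforces now that `ListKey` comes from the request (`listOptions.DataListKey` in DataListController.cs). `CreateInstance` constructs whatever type the concatenated name resolves to in the entry assembly, and only afterwards does `as IAyaDataList` discard a non-matching object; the `AyaNova.DataList.` prefix constrains only the start of the type name. Checking the key against the known names first, e.g. `if (!GetListOfAllDataListKeyNames().Contains(ListKey)) return null;`, would make the allow-list explicit and keep the null result that DataListFetcher already handles. This assumes `GetListOfAllDataListKeyNames` returns the type names of the IAyaDataList implementations; its body continues outside the hunk.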
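Review bot: The unknown-list check calls the single-string `ArgumentOutOfRangeException` constructor, which takes the parameter name rather than the message, so the whole sentence ends up in ParamName. `throw new System.ArgumentOutOfRangeException(nameof(DataListKey), $"DataList \"{DataListKey}\" specified does not exist");` gives the intended message. The text also echoes the request-supplied key, so wherever it is logged or returned it should be treated as untrusted input. `GetResponse` continues past the end of the hunk.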