in src/Core/Resolvers/AuthorizationPolicyHelpers.cs [35:134]
public static void ProcessAuthorizationPolicies(
EntityActionOperation operationType,
BaseQueryStructure queryStructure,
HttpContext context,
IAuthorizationResolver authorizationResolver,
ISqlMetadataProvider sqlMetadataProvider)
{
if (!context.Request.Headers.TryGetValue(AuthorizationResolver.CLIENT_ROLE_HEADER, out StringValues roleHeaderValue))
{
throw new DataApiBuilderException(
message: "No ClientRoleHeader found in request context.",
statusCode: System.Net.HttpStatusCode.Forbidden,
subStatusCode: DataApiBuilderException.SubStatusCodes.AuthorizationCheckFailed);
}
string clientRoleHeader = roleHeaderValue.ToString();
List<EntityActionOperation>? elementalOperations = ResolveCompoundOperationToElementalOperations(operationType);
Dictionary<string, DatabaseObject> entitiesToProcess = new();
if (queryStructure is BaseSqlQueryStructure baseSqlQueryStructure)
{
ProcessFilter(
context: context,
authorizationResolver: authorizationResolver,
sqlMetadataProvider: sqlMetadataProvider,
clientRoleHeader: clientRoleHeader,
elementalOperations: elementalOperations,
entityName: queryStructure.EntityName,
entityDBObject: queryStructure.DatabaseObject,
postProcessCallback: (filterClause, elementalOperation) =>
{
baseSqlQueryStructure.ProcessOdataClause(filterClause, elementalOperation);
});
;
}
else if (sqlMetadataProvider is CosmosSqlMetadataProvider cosmosSqlMetadataProvider &&
queryStructure is CosmosQueryStructure cosmosQueryStructure)
{
Dictionary<string, List<EntityDbPolicyCosmosModel>> entityPaths = cosmosSqlMetadataProvider.EntityWithJoins;
foreach (KeyValuePair<string, List<EntityDbPolicyCosmosModel>> entity in entityPaths)
{
ProcessFilter(
context: context,
authorizationResolver: authorizationResolver,
sqlMetadataProvider: cosmosSqlMetadataProvider,
clientRoleHeader: clientRoleHeader,
elementalOperations: elementalOperations,
entityName: entity.Key,
entityDBObject: null,
postProcessCallback: (filterClause, _) =>
{
if (filterClause is null)
{
return;
}
foreach (EntityDbPolicyCosmosModel pathConfig in entity.Value)
{
string? existQuery = null;
string? fromClause = string.Empty;
string? predicates = string.Empty;
if (pathConfig.Alias is not null)
{
if (pathConfig.ColumnName is null || pathConfig.EntityName is null)
{
continue;
}
//Increment Table counter with the new JOIN so that we can have unique alias for each join
cosmosQueryStructure.TableCounter.Next();
fromClause = pathConfig.JoinStatement;
predicates = filterClause?.Expression.Accept(new ODataASTCosmosVisitor(pathConfig.Alias));
existQuery = CosmosQueryBuilder.BuildExistsQueryForCosmos(fromClause, predicates);
}
else
{
predicates = filterClause?.Expression.Accept(new ODataASTCosmosVisitor($"{pathConfig.Path}.{pathConfig.ColumnName}"));
}
if (pathConfig.EntityName == entity.Key)
{
if (!cosmosQueryStructure.DbPolicyPredicatesForOperations.TryGetValue(operationType, out string? _))
{
cosmosQueryStructure.DbPolicyPredicatesForOperations[operationType]
= existQuery ?? predicates;
}
else
{
cosmosQueryStructure.DbPolicyPredicatesForOperations[operationType]
+= $" AND {existQuery ?? predicates}";
}
}
}
});
}
}
}