Fix context sql #2344
Fix context sql #2344
Conversation
Added a new constant `ORIGINAL_ROLE_CLAIM_TYPE` in `AuthenticationOptions.cs` to store the original roles claim type. Modified `AuthorizationResolver` to preserve the original 'roles' claim by adding it to the `resolvedClaims` dictionary under the new key. Changed `MsSqlQueryExecutor` to set session context parameters with `@read_only = 0` to allow modifications.
This reverts commit 08f741c.
…ilder into fix_context_sql
M4Al
requested review from
Aniruddh25,
seantleonard,
aaronburtle,
abhishekkumams,
RubenCerna2079,
ravishetye,
rohkhann,
neeraj-sharma2592 and
sourabh1007
as code owners
| // Append statement to set read only param value - can be set only once for a connection. | ||
| string statementToSetReadOnlyParam = "EXEC sp_set_session_context " + $"'{claimType}', " + paramName + ", @read_only = 1;"; | ||
| string statementToSetReadOnlyParam = "EXEC sp_set_session_context " + $"'{claimType}', " + paramName + ", @read_only = 0;"; |
There was a problem hiding this comment.
curious, did you experience - your mutation operations being blocked because of this setting?
There was a problem hiding this comment.
Yes, the SQL Endpoint did reject the second query as described in #2341
|
/azp run |
remove trailing space Co-authored-by: Aniruddh Munde <[email protected]>
…ilder into fix_context_sql
Updated the constant `FIRST_URL` in `RequestParser.cs` within the `Azure.DataApiBuilder.Core.Parsers` namespace to use the value `"$top"` instead of `"$first"`. This change aligns with naming conventions or standards used elsewhere in the codebase or API, ensuring consistency and improving clarity for developers.
| @@ -30,7 +30,7 @@ public class RequestParser | |||
| /// <summary> | |||
| /// Prefix used for specifying limit in the query string of the URL. | |||
| /// </summary> | |||
| public const string FIRST_URL = "$first"; | |||
| public const string FIRST_URL = "$top"; | |||
There was a problem hiding this comment.
We will provide a synonym $top soon. Lets not make this change in this PR. Thank you for your patience.
| @@ -51,6 +51,13 @@ public static OkObjectResult FormatFindResult( | |||
| ? DetermineExtraFieldsInResponse(findOperationResponse, context.FieldsToBeReturned) | |||
| : DetermineExtraFieldsInResponse(findOperationResponse.EnumerateArray().First(), context.FieldsToBeReturned); | |||
|
|
|||
| //Remove RecordCOunt from extraFieldsInResponse if present | |||
| /* | |||
There was a problem hiding this comment.
If this code is not used, please remove it out completely.
| @@ -20,7 +20,7 @@ | |||
| <PackageVersion Include="Microsoft.AspNetCore.Http" Version="2.2.2" /> | |||
| <PackageVersion Include="Microsoft.Azure.Cosmos" Version="3.38.1" /> | |||
| <!--When updating Microsoft.Data.SqlClient, update license URL in scripts/notice-generation.ps1--> | |||
| <PackageVersion Include="Microsoft.Data.SqlClient" Version="5.2.0" /> | |||
| <PackageVersion Include="Microsoft.Data.SqlClient" Version="5.1.4" /> | |||
There was a problem hiding this comment.
Please retain the updated 5.2.0 version
| @@ -1,13 +1,13 @@ | |||
| # Version values referenced from https://hub.docker.com/_/microsoft-dotnet-aspnet | |||
|
|
|||
| FROM mcr.microsoft.com/dotnet/sdk:6.0-cbl-mariner2.0. AS build | |||
| FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build | |||
There was a problem hiding this comment.
we will soon update this to 8.0. Please refrain from doing so right now.
|
@M4Al , let us know if you would be able to address the comments... |
|
@Aniruddh25 is this something we could wrap? |
The original PR was useful. It now contains additional changes which are not really necessary like $top, DwSQL builder changes. We need to clean those up before merging this in. |
|
@M4Al, we will take this PR forward and merge from here. |
Why make this change?
What is this change?
The changes itself are quite simple and should break nothing, see the diff :-)
How was this tested?
I have not created/adapted any tests yet. Just looking for comments before I go there.
Sample Request(s)
Sample of a JWT token (only the relevant part)
X-MS-API-ROLE: user
before my change the extra 'roles' that do not match the X-MS-API-ROLE header would never reach the database context.
With my change you can do things like this in SQL Predicates to filter out only subsets of the data: