go to post David Hockenbroch · Jan 11 When using $EXTRACT, you use a * to signify an offset from the end of a string. So if you did $EXTRACT(Str,1,*-1) you would have the string with the last character removed. Also note that the arguments for the $EXTRACT are the string, the starting character, and the ending character, so in the examples you gave, you're actually telling it to extract from Str starting at Length(Str)-1. You need to have a 1 in there as the second argument to go from the beginning to that character.
go to post David Hockenbroch · Jan 2 You say you've been able make the tables read only and not "everything". What are the accessing besides tables?
go to post David Hockenbroch · Dec 29, 2023 You can also use the $ROLES special variable to do that. It contains both the user's assigned roles and any roles you've added during the process. You can't change the user roles, but if you set it that will add a role. So you could do: set $ROLES = "%All" Or whatever role you need to add, then do the stuff that requires that roles, then do: set $ROLES = "" That will take away the %All role you added, reverting the process to just the user's normal roles.
go to post David Hockenbroch · Dec 20, 2023 If your IDList is a string, you'd have to use WHERE 10 %INLIST $LISTFROMSTRING(IDList,' ') so that the string is converted to an actual list for %INLIST to work.
go to post David Hockenbroch · Dec 19, 2023 Maybe that's old code that's been carried over through some copying and pasting. I have a Cache 2012 instance and Name is not required in it.
go to post David Hockenbroch · Dec 19, 2023 Just to be clear, are you trying to run the OS-level command on the server, or on the client? If you're trying to run it on the server, check the documentation for the $ZF -100 command. If you're trying to run it on the client, you're going to run into all kinds of security issues, and for very good reasons. Edit: just saw that you're on Cache 2013. You might have to use $ZF -1 instead of -100.
go to post David Hockenbroch · Dec 15, 2023 In my opinion, if you have a page that doesn't necessarily need to have any user interface elements - %CSP.StreamServer is a good example - that's the primary case for extending %CSP.Page. If you need a UI, then a csp page is easier to deal with.
go to post David Hockenbroch · Dec 14, 2023 @Marc Mundt's comment here might be helpful. You'll need to instantiate some %Net.MIMPart objects, put them together, and send them.
go to post David Hockenbroch · Nov 9, 2023 My mistake, Scott, I thought you just had Apache running on its default ports and were trying to figure out how to make the other requests also go there.
go to post David Hockenbroch · Nov 9, 2023 The requests using port 52773 aren't even going to get to Apache, so you can't solve this problem by changing your Apache configuration. You would have to make your router forward traffic between your server and your other PCs on port 52773 to port 80 (for HTTP) or port 443 (HTTPS).
go to post David Hockenbroch · Nov 8, 2023 Could you maybe use $LISTTOSTRING using a delimiter that works for you (something unlikely to be in your actual list data), convert that to uppercase, then use $LISTFROMSTRING to get it back into $LIST format with everything capitalized and not breaking the list?
go to post David Hockenbroch · Nov 8, 2023 That's an issue with the SSL certificate on the server. It's the kind of error you'd see if the domains on the SSL certificate don't match the domain being used to access the website. SSL certificates are a little out of my areas of expertise, so I'm not sure how you determine what you need to do to fix that.
go to post David Hockenbroch · Nov 7, 2023 If this is on a Windows machine, IIS will return a 404.8 error when its "hidden segment" request filtering blocks something. Here's the documentation on it.
go to post David Hockenbroch · Oct 26, 2023 Yes, security settings can get down to a columnar level. Also, if what you're querying is a view rather than a table, or if the ID column is defined to be something other than ID, that column just might not exist. Also for clarification, when you use the select *, are you getting an Id column in the resulting data?
go to post David Hockenbroch · Oct 26, 2023 I haven't touched PHP in a bit, but are you binding your columns? I seem to remember PHP things getting a little finicky about making sure you do that before you fetch if you were specifying columns in the query, but not if you were doing a select *.
go to post David Hockenbroch · Oct 25, 2023 I didn't check the credentials because this all takes place after the user has already been through the authentication process. If they aren't valid, they wouldn't get this far anyway. My approach is dealing with just the authorization, not the authentication. I still use $SYSTEM.Security.Check to see if the process has the right permissions. As you said, it comes down to personal preference. One of my preferences is not messing with the authentication processes if I don't have to. That way I don't have to account for all of the different authentication options, and they could all still be used.
go to post David Hockenbroch · Oct 24, 2023 I was actually pondering this question myself for an article I'm working on. I ended up in a very different place than you did, though. I created an Abstract class that extends %CSP.REST and overrides the XData schema, the DispatchMap method, and the DispatchRequest method. If I extend this class - which I've called REST.Resourceful - I can include a resource in the URL map as a resource:permission pair. For example: <Route Url="/securetest" Method="GET" Call="securetest" Resource="MyResource:U" /> Will only allow you to access the /securetest endpoint if the user has Use permission on the resource "MyResource". If you don't, you get a 401 error. If I leave out the Resource attribute on that node, it doesn't check for any additional resources. Source code is below. If you search the text for my initials, DLH, you'll see comments where I've made changes in the method, plus I added the attribute "Resource" to the XData schema. /// Extends the %CSP.REST class to include securing of endpoints by resource in the URL mapClass REST.Resourceful Extends %CSP.REST [ Abstract ]{ XData Schema [ Internal ]{<?xml version="1.0"?><xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" > <xs:element name="Routes"><xs:complexType><xs:choice minOccurs="0" maxOccurs="unbounded"><xs:element name="Route"><xs:complexType><xs:attribute name="Url" type="string" use="required"/><xs:attribute name="Method" type="string" use="required"/><xs:attribute name="Call" type="call" use="required"/><xs:attribute name="Cors" type="xs:boolean" use="optional" default="false"/><xs:attribute name="Resource" type="string" use="optional" default=" "/></xs:complexType></xs:element><xs:element name="Map"><xs:complexType><xs:attribute name="Prefix" type="string" use="required"/><xs:attribute name="Forward" type="forward" use="required"/></xs:complexType></xs:element></xs:choice></xs:complexType></xs:element> <xs:simpleType name="call"><xs:restriction base="xs:string"><xs:pattern value="([%]?[a-zA-Z][a-zA-Z0-9]*(\.[a-zA-Z][a-zA-Z0-9]*)*:)?[%]?[a-zA-Z][a-zA-Z0-9]*"/></xs:restriction></xs:simpleType> <xs:simpleType name="forward"><xs:restriction base="xs:string"><xs:pattern value="([%]?[a-zA-Z][a-zA-Z0-9]*(\.[a-zA-Z][a-zA-Z0-9]*)*)"/></xs:restriction></xs:simpleType> <xs:simpleType name="string"><xs:restriction base="xs:string"><xs:minLength value="1"/></xs:restriction></xs:simpleType> </xs:schema>} /// This generator creates the DispatchMap Method used to dispatch the Url and Method to the associated target methodClassMethod DispatchMap(pIndex As %Integer) As %String [ CodeMode = generator ]{#dim tSC As %Status = $$$OK #dim e As %Exception.AbstractException #dim tStream As %Stream.TmpCharacter #dim tHandler As %XML.ImportHandler #dim tCompiledClass As %Dictionary.CompiledClass #dim tArgCount,tIndex,tI,tCounter As %Integer #dim tArgs,tChild,tClassName,tCall,tCors,tForward,tError,tMap,tMethod,tPattern,tPiece,tPrefix,tType,tUrl,tResource As %String Try { Set tClassName=%classname #; Don't run on base class If tClassName="%CSP.REST" Quit #; Find named XDATA block If ##class(%Dictionary.CompiledXData).%ExistsId(tClassName_"||UrlMap") { Set tCompiledClass=##class(%Dictionary.CompiledClass).%OpenId(tClassName,,.tSC) If '$IsObject(tCompiledClass)||$$$ISERR(tSC) Quit Set tIndex = tCompiledClass.XDatas.FindObjectId(tClassName_"||UrlMap") If tIndex="" Set tSC=$$$ERROR($$$XDataBlockMissing,tClassName,"UrlMap") Quit #; Get XDATA as stream Set tStream = tCompiledClass.XDatas.GetAt(tIndex).Data Do tStream.Rewind() #; Create an XML import handler ( use the internal handler ) Set tHandler=##class(%XML.ImportHandler).%New("CacheTemp",$$$IntHandler) #; Create the Entity Resolver Set tResolver=##class(%XML.SAX.XDataEntityResolver).%New(tClassName) #; Parse the XML data in the specfied stream Set tSC=##Class(%XML.SAX.Parser).ParseStream(tStream,tHandler,tResolver,,,"Schema") If $$$ISERR(tSC) Quit #; Copy tree because handler will delete its copy when it goes out of scope Merge tMap=@tHandler.DOMName@(tHandler.Tree) If $Data(tMap("error"))||$Data(tMap("warning")) { Set tSC=$$$ERROR($$$InvalidDispatchMap) For tType="error","warning" { Set tIndex = "" For { Set tIndex=$Order(tMap(tType,tIndex),1,tError) If tIndex="" Quit Set tSC=$$$ADDSC(tSC,$$$ERROR($$$GeneralError,tError)) } } Quit } #; Walk the xml and generate the routing map Set tChild="",tCounter=0 For { Set tChild=$Order(tMap(1,"c",tChild)) If tChild="" Quit If tMap(tChild)="Route" { #; Need to substitute capture groups for arguments #; Added setting of tResource based on URL map - DLH Set tPattern="",tArgCount=0,tUrl=tMap(tChild,"a","Url"),tCors=tMap(tChild,"a","Cors"),tResource=tMap(tChild,"a","Resource") #; Substitute variable placeholders for capture group For tI=1:1:$Length(tUrl,"/") { Set tPiece=$Piece(tUrl,"/",tI) If $Extract(tPiece)=":" { Set $Piece(tPattern,"/",tI)="([^"_$Char(0)_"]+)" } else { Set $Piece(tPattern,"/",tI)=tPiece } } Set tPattern=$Translate(tPattern,$Char(0),"/") Set tCounter=$Increment(tCounter),tMethod=tMap(tChild,"a","Method"),tCall=$Get(tMap(tChild,"a","Call")) #; Added getting resource from the URL Map here. - DLH $$$GENERATE(" If pIndex="_tCounter_" Quit $ListBuild(""R"","""_tPattern_""","""_tMethod_""","""_tCall_""","""_tCors_""","""_tResource_""")") } else { Set tCounter=$Increment(tCounter),tPrefix=tMap(tChild,"a","Prefix"),tForward=$Get(tMap(tChild,"a","Forward")) #; Need to substitute capture groups for arguments Set tPattern="" For tI=2:1:$Length(tPrefix,"/") { Set tPiece=$Piece(tPrefix,"/",tI) If $Extract(tPiece)=":" { Set tPattern=tPattern_"/[^/]+" } else { Set tPattern=tPattern_"/"_tPiece } } Set tPattern = "("_ tPattern _ ")/.*" $$$GENERATE(" If pIndex="_tCounter_" Quit $ListBuild(""M"","""_tPattern_""","""_tForward_""")") } } $$$GENERATE(" Quit """"") } else { #; The specified class must have an XDATA Block named UrlMap Set tSC=$$$ERROR($$$XDataBlockMissing,tClassName,"UrlMap") } } Catch (e) { Set tSC=e.AsStatus() } Quit tSC} /// Dispatch a REST request according to URL and MethodClassMethod DispatchRequest(pUrl As %String, pMethod As %String, pForwarded As %Boolean = 0) As %Status{ #dim tSC As %Status = $$$OK #dim e As %Exception.AbstractException #dim tMatcher As %Regex.Matcher #dim tArgs,tClass,tMatchUrl,tMapEntry,tRegEx,tCall,tForward,tAccess,tSupportedVerbs,tTarget,tType As %String #dim tI,tIndex As %Integer #dim tResourceMatched,tContinue As %Boolean #dim tMethodMatched As %Boolean Try { Set (tResourceMatched,tMethodMatched)=0 #; Initializing tSecurityResourceMatched - DLH Set tSecurityResourceMatched = 1 #; Extract the match url from the application name If (0=pForwarded) { Set tMatchUrl="/"_$Extract(pUrl,$Length(%request.Application)+1,*) } else { Set tMatchUrl=pUrl } #; Uppercase the method Set pMethod=$ZCVT(pMethod,"U") #; Pre-Dispatch Set tContinue=1,tSC=..OnPreDispatch(tMatchUrl,pMethod,.tContinue) If $$$ISERR(tSC) Quit #; It's the users responsibility to return the response in OnPreDispatch() if Continue = 0 If tContinue=0 Quit #; Walk the dispatch map in collation order of defintion For tIndex=1:1 { #; Get the next map entry Set tMapEntry=..DispatchMap(tIndex) If tMapEntry="" Quit #; Pick out the RegEx Set tRegEx=$List(tMapEntry,2) #; Create a matcher Set tMatcher=##class(%Regex.Matcher).%New(tRegEx) #; Test each regular expression in turn, extracting the arguments, #; dispatching to the named method If tMatcher.Match(tMatchUrl) {#; We have matched the resource Set tResourceMatched=1 #; Logic to check the resource from the URL map set tResource = $List(tMapEntry,6) If tResource '= " "{ If $SYSTEM.Security.Check($P(tResource,":",1),$P(tResource,":",2))=0{ Set tSecurityResourceMatched=0 } } #; Added an if so the method only gets dispatched if we have the resource permission If tSecurityResourceMatched = 1{ Set tType=$List(tMapEntry,1) #; If we are a simple route If tType="R" { #; Support OPTIONS VERB (cannot be overriden) If pMethod="OPTIONS" { Set tMethodMatched=1 Set tSC=..OnHandleOptionsRequest(tMatchUrl) If $$$ISERR(tSC) Quit #; Dispatch CORS Set tSC=..ProcessCorsRequest(pUrl,$list(tMapEntry,5)) If $$$ISERR(tSC) Quit Quit } #; comparison is case-insensitive now If pMethod'=$ZCVT($List(tMapEntry,3),"U") Continue Set tTarget=$List(tMapEntry,4) #; We have matched a method Set tMethodMatched=1 #; Dispatch CORS Set tSC=..ProcessCorsRequest(pUrl,$list(tMapEntry,5)) If $$$ISERR(tSC) Quit #; Got a match, marshall the arguments can call directly If tMatcher.GroupCount { For tI=1:1:tMatcher.GroupCount Set tArgs(tI)=tMatcher.Group(tI) Set tArgs=tI } else { Set tArgs=0 } #; Check for optional ClassName prefix Set tClass=$classname() If tTarget[":" Set tClass=$Piece(tTarget,":"),tTarget=$Piece(tTarget,":",2) #; Dispatch Set tSC=$zobjclassmethod(tClass,tTarget,tArgs...) } else { #; We are a map, massage the URL and forward the request Set tMatchUrl=$piece(tMatchUrl,tMatcher.Group(1),"2",*),tForward=$ListGet(tMapEntry,3) Set (tResourceMatched,tMethodMatched)=1 #; Dispatch with modified URL Set tSC=$zobjclassmethod(tForward,"DispatchRequest",tMatchUrl,pMethod,1) } If $$$ISERR(tSC) Quit #; Don't want multiple matches Quit } } } #; Didn't have permission for the resource required by this enpoint; return 401 - DLH If tSecurityResourceMatched = 0 Set tSC=..ReportHttpStatusCode(..#HTTP401UNAUTHORIZED) Quit #; Didn't have a match for the resource, report not found If tResourceMatched=0 Set tSC=..ReportHttpStatusCode(..#HTTP404NOTFOUND) Quit #; Had a match for resource but method not matched If tMethodMatched=0 { Set tSC=..SupportedVerbs(tMatchUrl,.tSupportedVerbs) If $$$ISERR(tSC) Quit Set tSC=..Http405(tSupportedVerbs) Quit } } Catch (e) { Set tSC=e.AsStatus() } Quit tSC} }
go to post David Hockenbroch · Oct 19, 2023 What indices are defined for your data, and have you tried rebuilding them?
go to post David Hockenbroch · Oct 10, 2023 I don't typically use Ensemble for my REST services, but I do see a couple of things. First, in the documentation you linked to, pOutput is a %DynamicObject, not a %RegisteredObject. %RegisteredObject does not have a %ToJSON() method. Second, in your PostMessage method, the line "return pResponse" shouldn't be there.