Cannot read the ReadOnly Property from SwaggerSchemaAttribute

[hany-g]

The getter of the ReadOnly property on SwaggerSchemaAttribute throws an exception and doesn't allow external code to use it. There is an internal only property (ReadOnlyFlag) that is used by the library. We need to read the ReadOnly property to do some verification on the input objects. Such as allow readonly properties to be null in an update request. Thanks!

[domaindrivendev]

The current access restrictions are by design because the attribute is only supposed to be used in conjunction with the AnnotationsSchemaFilter that's in the same library. It sounds like you're trying to use the same attribute for a different/unintended purpose.

Can you elaborate a little more on what you're using it for - code samples would help? Thanks

[hany-g]

Thanks for your response. We have some logic in our controller where we want clients to send updates on the schema objects without specifying changes to read-only properties (since they are not supposed to change from the schema specs point of view). On the service, we check for the readonly attribute and assume that this field was not changed. If it is changed, we return a bad request. This is why we need to read this attribute.

[domaindrivendev]

Still not enough info to understand what you're doing - please provide code samples that explain what you're doing in more detail. As I said, you're looking to piggy back on some implementation detail that's internal to Swashbuckle and I don't want to open that up for use-case I don't fully understand.

[hany-g]

Sorry for the delayed response. Here is what we do:

1. Given two objects (an Existing resource and an incoming resource from the client), we compare their properties using reflections:

PropertyInfo[] oldPropertyInfo = oldObject.GetType().GetProperties(BindingFlags.Public | BindingFlags.Instance).Where(p => p.CanRead));
PropertyInfo[] newPropertyInfo = newObject.GetType().GetProperties(BindingFlags.Public | BindingFlags.Instance).Where(p => p.CanRead));

2. Then we iterate on these properties to see if anything changed at all. If any of the properties changed, we try to see if the changed property was a readonly property or not since we allow readonly properties to be sent as null from the client and we assume that this is not a change. So we do the following:

SwaggerSchemaAttribute resourceModelSchemaAttribute = propertyInfo.GetCustomAttribute();
if (resourceModelSchemaAttribute == null)
{
return false;
}

PropertyInfo internalReadOnlyProperty = resourceModelSchemaAttribute.GetType().GetProperty("ReadOnlyFlag", BindingFlags.NonPublic | BindingFlags.Instance);
if (internalReadOnlyProperty == null)
{
return false;
}

object readOnlyValue = internalReadOnlyProperty.GetValue(resourceModelSchemaAttribute);
bool? readOnlyBoolean = readOnlyValue as bool?;
return readOnlyBoolean.HasValue && readOnlyBoolean.Value == true; // This means this is a swagger readonly attribute set to true.

We hope we can use the ReadOnly property directly to know whether the changed property is a swagger readonly attribute or not.

[hany-g]

Gentle reminder about this.

[hany-g]

Gentle reminder. Thank you!

[domaindrivendev]

As mentioned previously, the SwaggerSchemaAttribute is intended to be inspected by the Swashbuckle Annotations library exclusively. It seems you want to inspect it within your own custom code and this is a usecase that I'm not willing to support at this time. I recommend you define your own custom attribute for this purpose or even use the existing System.ComponentModel.ReadOnlyAttribute. The latter isn't currently supported by Swashbuckle but that's on the roadmap (see #1954) and in lieue of that, you could wire up support for it with a very simple schema filter (see readme).

[Aeroverra]

smh... I will need to double attribute my models to add my own checks during reflection mapping so future me doesn't cause a vulnerability.