Uploaded image for project: 'C# Driver'
  1. C# Driver
  2. CSHARP-4511

Allow specifying different AllowedTypes filter for serialization/deserialization

    • Type: Icon: Improvement Improvement
    • Resolution: Done
    • Priority: Icon: Unknown Unknown
    • 2.19.1
    • Affects Version/s: None
    • Component/s: None
    • None
    • Not Needed
    • Hide

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?

      Show
      1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?

      CSHARP-4475 added an AllowedTypes filter to ObjectSerializer to prevent deserializing into unsafe types. However, it is currently being applied during both serialization and deserialization, which is negatively impacting the Realm .NET SDK which utilizes the object serializer in a lot of our public API. Since serialization is generally safe, regardless of the type provided, it would be beneficial to allow different filters for serializing vs deserializing using the ObjectSerializer.

      Example API affected by this change are:

      Unable to find source-code formatter for language: csharp. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml
      // Call an Atlas App Services function
      Task<T> CallAsync<T>(string name, params object[] args) {}
      
      // Run an aggregation pipeline through the Atlas App Services
      // remote MongoDB client
      Task<TProjection[]> AggregateAsync<TProjection>(params object[] pipeline) {}
      
      // Invoke FindOneAndUpdate through the Atlas App Services
      // remote MongoDB client
      Task<TDocument> FindOneAndUpdateAsync(object filter, object updateDocument, object sort = null, object projection = null, bool upsert = false, bool returnNewDocument = false) {}
      

      As can be seen in those examples, the arguments we're accepting are untyped objects, which we serialize to json using ObjectSerializer and we're returning objects of a concrete type, which would typically use a different serializer type.

      (the reason we're using untyped API for a lot of these MongoDB operations is to allow developers the flexibility of using BsonDocument, their own POCOs representing filters/projections, or even anonymous objects - I realize this is a departure from the API exposed by the C# driver)

      Decoupling the serialization from deserialization filters gives us the flexibility to accept wide range of inputs, while still protecting users from accidentally deserializing unsafe types.

            Assignee:
            robert@mongodb.com Robert Stam
            Reporter:
            nikola.irinchev@mongodb.com Nikola Irinchev
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: