/// <summary> /// A check-permission routine which runs checks by both name and Guid, and makes sure they agree /// </summary> private bool CheckPermission(Guid userId, Guid repoId, RepositoryAccessLevel level) { bool byGuid = _service.HasPermission(userId, repoId, level); bool byName = _service.HasPermission(userId, _repos.GetRepository(repoId).Name, level); Assert.IsTrue(byGuid == byName); return(byGuid); }
public bool HasPermission(Guid userId, Guid repositoryId, RepositoryAccessLevel requiredLevel) { var repositoryModel = Repository.GetRepository(repositoryId); if (userId == Guid.Empty) { // This is an anonymous user, the rules are different return CheckAnonymousPermission(repositoryModel, requiredLevel); } else { return CheckNamedUserPermission(userId, repositoryModel, requiredLevel); } }
public bool HasPermission(Guid userId, Guid repositoryId, RepositoryAccessLevel requiredLevel) { var repositoryModel = Repository.GetRepository(repositoryId); if (userId == Guid.Empty) { // This is an anonymous user, the rules are different return(CheckAnonymousPermission(repositoryModel, requiredLevel)); } else { return(CheckNamedUserPermission(userId, repositoryModel, requiredLevel)); } }
private bool CheckAnonymousPermission(RepositoryModel repository, RepositoryAccessLevel requiredLevel) { if (!repository.AnonymousAccess) { // There's no anon access at all to this repo return false; } switch (requiredLevel) { case RepositoryAccessLevel.Pull: return true; case RepositoryAccessLevel.Push: return repository.AllowAnonymousPush == RepositoryPushMode.Yes || (repository.AllowAnonymousPush == RepositoryPushMode.Global && UserConfiguration.Current.AllowAnonymousPush); case RepositoryAccessLevel.Administer: // No anonymous administrators ever return false; default: throw new ArgumentOutOfRangeException("requiredLevel", requiredLevel, null); } }
private bool HasPermission(Guid userId, IList <TeamModel> userTeams, bool userIsSystemAdministrator, RepositoryModel repositoryModel, RepositoryAccessLevel requiredLevel) { // All users can take advantage of the anonymous permissions if (CheckAnonymousPermission(repositoryModel, requiredLevel)) { Log.Verbose( "RepoPerms: Permitting user {UserId} anonymous permission {Permission} on repo {RepositoryName}", userId, requiredLevel, repositoryModel.Name); return(true); } if (userId == Guid.Empty) { // We have no named user return(false); } // Named users have more possibilities return(CheckNamedUserPermission(userId, userTeams, userIsSystemAdministrator, repositoryModel, requiredLevel)); }
private bool CheckNamedUserPermission(Guid userId, RepositoryModel repository, RepositoryAccessLevel requiredLevel) { if (userId == Guid.Empty) { throw new ArgumentException("Do not pass anonymous user id", "userId"); } bool userIsAnAdministrator = IsAnAdminstrator(userId, repository); var userIsATeamMember = TeamRepository.GetTeams(userId) .Any(x => repository.Teams.Select(y => y.Name).Contains(x.Name, StringComparer.OrdinalIgnoreCase)); var userIsARepoUser = repository.Users.Any(x => x.Id == userId); switch (requiredLevel) { case RepositoryAccessLevel.Push: case RepositoryAccessLevel.Pull: return userIsARepoUser || userIsATeamMember || userIsAnAdministrator; case RepositoryAccessLevel.Administer: return userIsAnAdministrator; default: throw new ArgumentOutOfRangeException("requiredLevel", requiredLevel, null); } }
private bool CheckAnonymousPermission(RepositoryModel repository, RepositoryAccessLevel requiredLevel) { if (!repository.AnonymousAccess) { // There's no anon access at all to this repo return(false); } switch (requiredLevel) { case RepositoryAccessLevel.Pull: return(true); case RepositoryAccessLevel.Push: return(UserConfiguration.Current.AllowAnonymousPush); case RepositoryAccessLevel.Administer: // No anonymous administrators ever return(false); default: throw new ArgumentOutOfRangeException("requiredLevel", requiredLevel, null); } }
public IEnumerable<RepositoryModel> GetAllPermittedRepositories(Guid userId, RepositoryAccessLevel requiredLevel) { return Repository.GetAllRepositories().Where(repo => HasPermission(userId, repo.Id, requiredLevel)); }
public IEnumerable<RepositoryModel> GetAllPermittedRepositories(Guid userId, RepositoryAccessLevel requiredLevel) { var userIsSystemAdministrator = IsSystemAdministrator(userId); var userTeams = TeamRepository.GetTeams(userId); return Repository.GetAllRepositories().Where(repo => HasPermission(userId, userTeams, userIsSystemAdministrator, repo, requiredLevel)); }
public IEnumerable <RepositoryModel> GetAllPermittedRepositories(Guid userId, RepositoryAccessLevel requiredLevel) { return(Repository.GetAllRepositories().Where(repo => HasPermission(userId, repo.Id, requiredLevel))); }
private bool CheckNamedUserPermission(Guid userId, IList <TeamModel> userTeams, bool userIsSystemAdministrator, RepositoryModel repository, RepositoryAccessLevel requiredLevel) { if (userId == Guid.Empty) { throw new ArgumentException("Do not pass anonymous user id", "userId"); } bool userIsAnAdministrator = userIsSystemAdministrator || repository.Administrators.Any(x => x.Id == userId); switch (requiredLevel) { case RepositoryAccessLevel.Push: case RepositoryAccessLevel.Pull: return(userIsAnAdministrator || UserIsARepoUser(userId, repository) || UserIsATeamMember(userTeams, repository)); case RepositoryAccessLevel.Administer: return(userIsAnAdministrator); default: throw new ArgumentOutOfRangeException("requiredLevel", requiredLevel, null); } }
public bool HasPermission(Guid userId, string repositoryName, RepositoryAccessLevel requiredLevel) { var repository = Repository.GetRepository(repositoryName); return(repository != null && HasPermission(userId, repository.Id, requiredLevel)); }
public IEnumerable <RepositoryModel> GetAllPermittedRepositories(Guid userId, RepositoryAccessLevel requiredLevel) { var userIsSystemAdministrator = IsSystemAdministrator(userId); var userTeams = TeamRepository.GetTeams(userId); return(Repository.GetAllRepositories().Where(repo => HasPermission(userId, userTeams, userIsSystemAdministrator, repo, requiredLevel))); }
private bool HasPermission(Guid userId, IList <TeamModel> userTeams, bool userIsSystemAdministrator, RepositoryModel repositoryModel, RepositoryAccessLevel requiredLevel) { if (userId == Guid.Empty) { // This is an anonymous user, the rules are different return(CheckAnonymousPermission(repositoryModel, requiredLevel)); } else { return(CheckNamedUserPermission(userId, userTeams, userIsSystemAdministrator, repositoryModel, requiredLevel)); } }
private bool HasPermission(Guid userId, IList<TeamModel> userTeams, bool userIsSystemAdministrator, RepositoryModel repositoryModel, RepositoryAccessLevel requiredLevel) { if (userId == Guid.Empty) { // This is an anonymous user, the rules are different return CheckAnonymousPermission(repositoryModel, requiredLevel); } else { return CheckNamedUserPermission(userId, userTeams, userIsSystemAdministrator, repositoryModel, requiredLevel); } }
private bool CheckNamedUserPermission(Guid userId, RepositoryModel repository, RepositoryAccessLevel requiredLevel) { if (userId == Guid.Empty) { throw new ArgumentException("Do not pass anonymous user id", "userId"); } bool userIsAnAdministrator = IsAnAdminstrator(userId, repository); var userIsATeamMember = TeamRepository.GetTeams(userId) .Any(x => repository.Teams.Select(y => y.Name).Contains(x.Name, StringComparer.OrdinalIgnoreCase)); var userIsARepoUser = repository.Users.Any(x => x.Id == userId); switch (requiredLevel) { case RepositoryAccessLevel.Push: case RepositoryAccessLevel.Pull: return(userIsARepoUser || userIsATeamMember || userIsAnAdministrator); case RepositoryAccessLevel.Administer: return(userIsAnAdministrator); default: throw new ArgumentOutOfRangeException("requiredLevel", requiredLevel, null); } }
public bool HasPermission(Guid userId, string repositoryName, RepositoryAccessLevel requiredLevel) { var repository = Repository.GetRepository(repositoryName); return repository != null && HasPermission(userId, repository.Id, requiredLevel); }
private bool CheckNamedUserPermission(Guid userId, IList<TeamModel> userTeams, bool userIsSystemAdministrator, RepositoryModel repository, RepositoryAccessLevel requiredLevel) { if (userId == Guid.Empty) { throw new ArgumentException("Do not pass anonymous user id", "userId"); } bool userIsAnAdministrator = userIsSystemAdministrator || repository.Administrators.Any(x => x.Id == userId); switch (requiredLevel) { case RepositoryAccessLevel.Push: case RepositoryAccessLevel.Pull: return userIsAnAdministrator || UserIsARepoUser(userId, repository) || UserIsATeamMember(userTeams, repository); case RepositoryAccessLevel.Administer: return userIsAnAdministrator; default: throw new ArgumentOutOfRangeException("requiredLevel", requiredLevel, null); } }
public bool HasPermission(Guid userId, Guid repositoryId, RepositoryAccessLevel requiredLevel) { return HasPermission(userId, TeamRepository.GetTeams(userId), IsSystemAdministrator(userId), Repository.GetRepository(repositoryId), requiredLevel); }
/// <summary> /// A check-permission routine which runs checks by both name and Guid, and makes sure they agree /// </summary> private bool CheckPermission(Guid userId, Guid repoId, RepositoryAccessLevel level) { bool byGuid = _service.HasPermission(userId, repoId, level); bool byName = _service.HasPermission(userId, _repos.GetRepository(repoId).Name, level); Assert.IsTrue(byGuid == byName); return byGuid; }
public bool HasPermission(Guid userId, Guid repositoryId, RepositoryAccessLevel requiredLevel) { return(HasPermission(userId, TeamRepository.GetTeams(userId), IsSystemAdministrator(userId), Repository.GetRepository(repositoryId), requiredLevel)); }