/// <summary>
/// A check-permission routine which runs checks by both name and Guid, and makes sure they agree
/// </summary>
private bool CheckPermission(Guid userId, Guid repoId, RepositoryAccessLevel level)
{
bool byGuid = _service.HasPermission(userId, repoId, level);
bool byName = _service.HasPermission(userId, _repos.GetRepository(repoId).Name, level);
Assert.IsTrue(byGuid == byName);
return(byGuid);
}
public bool HasPermission(Guid userId, Guid repositoryId, RepositoryAccessLevel requiredLevel)
{
var repositoryModel = Repository.GetRepository(repositoryId);
if (userId == Guid.Empty)
{
// This is an anonymous user, the rules are different
return CheckAnonymousPermission(repositoryModel, requiredLevel);
}
else
{
return CheckNamedUserPermission(userId, repositoryModel, requiredLevel);
}
}
public bool HasPermission(Guid userId, Guid repositoryId, RepositoryAccessLevel requiredLevel)
{
var repositoryModel = Repository.GetRepository(repositoryId);
if (userId == Guid.Empty)
{
// This is an anonymous user, the rules are different
return(CheckAnonymousPermission(repositoryModel, requiredLevel));
}
else
{
return(CheckNamedUserPermission(userId, repositoryModel, requiredLevel));
}
}
private bool CheckAnonymousPermission(RepositoryModel repository, RepositoryAccessLevel requiredLevel)
{
if (!repository.AnonymousAccess)
{
// There's no anon access at all to this repo
return false;
}
switch (requiredLevel)
{
case RepositoryAccessLevel.Pull:
return true;
case RepositoryAccessLevel.Push:
return repository.AllowAnonymousPush == RepositoryPushMode.Yes || (repository.AllowAnonymousPush == RepositoryPushMode.Global && UserConfiguration.Current.AllowAnonymousPush);
case RepositoryAccessLevel.Administer:
// No anonymous administrators ever
return false;
default:
throw new ArgumentOutOfRangeException("requiredLevel", requiredLevel, null);
}
}
private bool HasPermission(Guid userId, IList <TeamModel> userTeams, bool userIsSystemAdministrator,
RepositoryModel repositoryModel, RepositoryAccessLevel requiredLevel)
{
// All users can take advantage of the anonymous permissions
if (CheckAnonymousPermission(repositoryModel, requiredLevel))
{
Log.Verbose(
"RepoPerms: Permitting user {UserId} anonymous permission {Permission} on repo {RepositoryName}",
userId,
requiredLevel,
repositoryModel.Name);
return(true);
}
if (userId == Guid.Empty)
{
// We have no named user
return(false);
}
// Named users have more possibilities
return(CheckNamedUserPermission(userId, userTeams, userIsSystemAdministrator, repositoryModel, requiredLevel));
}
private bool CheckNamedUserPermission(Guid userId, RepositoryModel repository, RepositoryAccessLevel requiredLevel)
{
if (userId == Guid.Empty) { throw new ArgumentException("Do not pass anonymous user id", "userId"); }
bool userIsAnAdministrator = IsAnAdminstrator(userId, repository);
var userIsATeamMember =
TeamRepository.GetTeams(userId)
.Any(x => repository.Teams.Select(y => y.Name).Contains(x.Name, StringComparer.OrdinalIgnoreCase));
var userIsARepoUser = repository.Users.Any(x => x.Id == userId);
switch (requiredLevel)
{
case RepositoryAccessLevel.Push:
case RepositoryAccessLevel.Pull:
return userIsARepoUser || userIsATeamMember || userIsAnAdministrator;
case RepositoryAccessLevel.Administer:
return userIsAnAdministrator;
default:
throw new ArgumentOutOfRangeException("requiredLevel", requiredLevel, null);
}
}
private bool CheckAnonymousPermission(RepositoryModel repository, RepositoryAccessLevel requiredLevel)
{
if (!repository.AnonymousAccess)
{
// There's no anon access at all to this repo
return(false);
}
switch (requiredLevel)
{
case RepositoryAccessLevel.Pull:
return(true);
case RepositoryAccessLevel.Push:
return(UserConfiguration.Current.AllowAnonymousPush);
case RepositoryAccessLevel.Administer:
// No anonymous administrators ever
return(false);
default:
throw new ArgumentOutOfRangeException("requiredLevel", requiredLevel, null);
}
}
public IEnumerable<RepositoryModel> GetAllPermittedRepositories(Guid userId, RepositoryAccessLevel requiredLevel)
{
return Repository.GetAllRepositories().Where(repo => HasPermission(userId, repo.Id, requiredLevel));
}
public IEnumerable<RepositoryModel> GetAllPermittedRepositories(Guid userId, RepositoryAccessLevel requiredLevel)
{
var userIsSystemAdministrator = IsSystemAdministrator(userId);
var userTeams = TeamRepository.GetTeams(userId);
return Repository.GetAllRepositories().Where(repo => HasPermission(userId, userTeams, userIsSystemAdministrator, repo, requiredLevel));
}
public IEnumerable <RepositoryModel> GetAllPermittedRepositories(Guid userId, RepositoryAccessLevel requiredLevel)
{
return(Repository.GetAllRepositories().Where(repo => HasPermission(userId, repo.Id, requiredLevel)));
}
private bool CheckNamedUserPermission(Guid userId, IList <TeamModel> userTeams, bool userIsSystemAdministrator, RepositoryModel repository, RepositoryAccessLevel requiredLevel)
{
if (userId == Guid.Empty)
{
throw new ArgumentException("Do not pass anonymous user id", "userId");
}
bool userIsAnAdministrator = userIsSystemAdministrator || repository.Administrators.Any(x => x.Id == userId);
switch (requiredLevel)
{
case RepositoryAccessLevel.Push:
case RepositoryAccessLevel.Pull:
return(userIsAnAdministrator ||
UserIsARepoUser(userId, repository) ||
UserIsATeamMember(userTeams, repository));
case RepositoryAccessLevel.Administer:
return(userIsAnAdministrator);
default:
throw new ArgumentOutOfRangeException("requiredLevel", requiredLevel, null);
}
}
public bool HasPermission(Guid userId, string repositoryName, RepositoryAccessLevel requiredLevel)
{
var repository = Repository.GetRepository(repositoryName);
return(repository != null && HasPermission(userId, repository.Id, requiredLevel));
}
public IEnumerable <RepositoryModel> GetAllPermittedRepositories(Guid userId, RepositoryAccessLevel requiredLevel)
{
var userIsSystemAdministrator = IsSystemAdministrator(userId);
var userTeams = TeamRepository.GetTeams(userId);
return(Repository.GetAllRepositories().Where(repo => HasPermission(userId, userTeams, userIsSystemAdministrator, repo, requiredLevel)));
}
private bool HasPermission(Guid userId, IList <TeamModel> userTeams, bool userIsSystemAdministrator, RepositoryModel repositoryModel, RepositoryAccessLevel requiredLevel)
{
if (userId == Guid.Empty)
{
// This is an anonymous user, the rules are different
return(CheckAnonymousPermission(repositoryModel, requiredLevel));
}
else
{
return(CheckNamedUserPermission(userId, userTeams, userIsSystemAdministrator, repositoryModel, requiredLevel));
}
}
private bool HasPermission(Guid userId, IList<TeamModel> userTeams, bool userIsSystemAdministrator, RepositoryModel repositoryModel, RepositoryAccessLevel requiredLevel)
{
if (userId == Guid.Empty)
{
// This is an anonymous user, the rules are different
return CheckAnonymousPermission(repositoryModel, requiredLevel);
}
else
{
return CheckNamedUserPermission(userId, userTeams, userIsSystemAdministrator, repositoryModel, requiredLevel);
}
}
private bool CheckNamedUserPermission(Guid userId, RepositoryModel repository, RepositoryAccessLevel requiredLevel)
{
if (userId == Guid.Empty)
{
throw new ArgumentException("Do not pass anonymous user id", "userId");
}
bool userIsAnAdministrator = IsAnAdminstrator(userId, repository);
var userIsATeamMember =
TeamRepository.GetTeams(userId)
.Any(x => repository.Teams.Select(y => y.Name).Contains(x.Name, StringComparer.OrdinalIgnoreCase));
var userIsARepoUser = repository.Users.Any(x => x.Id == userId);
switch (requiredLevel)
{
case RepositoryAccessLevel.Push:
case RepositoryAccessLevel.Pull:
return(userIsARepoUser || userIsATeamMember || userIsAnAdministrator);
case RepositoryAccessLevel.Administer:
return(userIsAnAdministrator);
default:
throw new ArgumentOutOfRangeException("requiredLevel", requiredLevel, null);
}
}
public bool HasPermission(Guid userId, string repositoryName, RepositoryAccessLevel requiredLevel)
{
var repository = Repository.GetRepository(repositoryName);
return repository != null && HasPermission(userId, repository.Id, requiredLevel);
}
private bool CheckNamedUserPermission(Guid userId, IList<TeamModel> userTeams, bool userIsSystemAdministrator, RepositoryModel repository, RepositoryAccessLevel requiredLevel)
{
if (userId == Guid.Empty) { throw new ArgumentException("Do not pass anonymous user id", "userId"); }
bool userIsAnAdministrator = userIsSystemAdministrator || repository.Administrators.Any(x => x.Id == userId);
switch (requiredLevel)
{
case RepositoryAccessLevel.Push:
case RepositoryAccessLevel.Pull:
return userIsAnAdministrator ||
UserIsARepoUser(userId, repository) ||
UserIsATeamMember(userTeams, repository);
case RepositoryAccessLevel.Administer:
return userIsAnAdministrator;
default:
throw new ArgumentOutOfRangeException("requiredLevel", requiredLevel, null);
}
}
public bool HasPermission(Guid userId, Guid repositoryId, RepositoryAccessLevel requiredLevel)
{
return HasPermission(userId, TeamRepository.GetTeams(userId), IsSystemAdministrator(userId), Repository.GetRepository(repositoryId), requiredLevel);
}
/// <summary>
/// A check-permission routine which runs checks by both name and Guid, and makes sure they agree
/// </summary>
private bool CheckPermission(Guid userId, Guid repoId, RepositoryAccessLevel level)
{
bool byGuid = _service.HasPermission(userId, repoId, level);
bool byName = _service.HasPermission(userId, _repos.GetRepository(repoId).Name, level);
Assert.IsTrue(byGuid == byName);
return byGuid;
}
public bool HasPermission(Guid userId, Guid repositoryId, RepositoryAccessLevel requiredLevel)
{
return(HasPermission(userId, TeamRepository.GetTeams(userId), IsSystemAdministrator(userId), Repository.GetRepository(repositoryId), requiredLevel));
}
