public CachedWhatIfPermission WhatIfRemovedFromTeam(CachedTeam team)
        {
            if (User.IsOwner)
            {
                return(new CachedWhatIfPermission(this, CachedPermission.Admin));
            }

            // Let's start by computing what we're getting from the repo directly.
            //
            // NOTE: This currently won't work because the GitHub API has no way to tell us
            //       direct repo permissions. For detais, see:
            //
            //              https://github.com/octokit/octokit.net/issues/2036)
            //
            //       Rather, it only gives us effective permissions. This means that if a user
            //       has 'admin' permissions through a team, but 'push' permissions by directly
            //       being added to a repo, running what-if for this repo/team will (incorrectly)
            //       conclude that the user was downgraded to 'pull' or lost access (if the repo
            //       is private).
            //
            //       However, the current code will work for cases where the permissions granted
            //       through the team is less than what was given via the repo directly.

            var maximumLevel = Repo.Users.Where(ua => ua.User == User && ua.Describe().IsCollaborator)
                               .Select(ua => (int)ua.Permission)
                               .DefaultIfEmpty(-1)
                               .Max();

            foreach (var teamAccess in Repo.Teams)
            {
                var teamAccessLevel = (int)teamAccess.Permission;

                foreach (var nestedTeam in teamAccess.Team.DescendentsAndSelf())
                {
                    if (nestedTeam == team)
                    {
                        continue;
                    }

                    if (!nestedTeam.Members.Contains(User))
                    {
                        continue;
                    }

                    maximumLevel = Math.Max(maximumLevel, teamAccessLevel);
                }
            }

            if (maximumLevel == -1)
            {
                return(new CachedWhatIfPermission(this, Repo.IsPrivate ? null : (CachedPermission?)CachedPermission.Pull));
            }

            var maximumPermission = (CachedPermission)maximumLevel;

            return(new CachedWhatIfPermission(this, maximumPermission));
        }
Exemple #2
0
        private async Task LoadTeamsAsync(CachedOrg cachedOrg)
        {
            await GitHubClient.PrintProgressAsync(Log, "Loading team list");

            var teams = await GitHubClient.Organization.Team.GetAll(cachedOrg.Name);

            var i = 0;

            foreach (var team in teams)
            {
                await GitHubClient.PrintProgressAsync(Log, "Loading team", team.Name, i ++, teams.Count);

                var cachedTeam = new CachedTeam
                {
                    Id       = team.Id.ToString(),
                    ParentId = team.Parent?.Id.ToString(),
                    Name     = team.Name
                };
                cachedOrg.Teams.Add(cachedTeam);

                var maintainerRequest = new TeamMembersRequest(TeamRoleFilter.Maintainer);
                var maintainers       = await GitHubClient.Organization.Team.GetAllMembers(team.Id, maintainerRequest);

                foreach (var maintainer in maintainers)
                {
                    cachedTeam.MaintainerLogins.Add(maintainer.Login);
                }

                await GitHubClient.WaitForEnoughQuotaAsync(Log);

                var memberRequest = new TeamMembersRequest(TeamRoleFilter.All);
                var members       = await GitHubClient.Organization.Team.GetAllMembers(team.Id, memberRequest);

                foreach (var member in members)
                {
                    cachedTeam.MemberLogins.Add(member.Login);
                }

                await GitHubClient.WaitForEnoughQuotaAsync(Log);

                foreach (var repo in await GitHubClient.Organization.Team.GetAllRepositories(team.Id))
                {
                    var permissionLevel = repo.Permissions.Admin
                                            ? CachedPermission.Admin
                                            : repo.Permissions.Push
                                                ? CachedPermission.Push
                                                : CachedPermission.Pull;

                    var cachedRepoAccess = new CachedTeamAccess
                    {
                        RepoName   = repo.Name,
                        Permission = permissionLevel
                    };
                    cachedTeam.Repos.Add(cachedRepoAccess);
                }
            }
        }