private async Task <SecurityPolicyResult> EvaluatePackagePoliciesInternalAsync( SecurityPolicyAction action, Package package, User sourceAccount, User targetAccount, HttpContextBase httpContext, IEnumerable <UserSecurityPolicy> policies = null, bool auditSuccess = true) { policies = policies ?? targetAccount.SecurityPolicies; var relevantHandlers = PackageHandlers.Where(h => h.Action == action).ToList(); var packagePoliciesResult = SecurityPolicyResult.SuccessResult; foreach (var handler in relevantHandlers) { var foundPolicies = policies.Where(p => p.Name.Equals(handler.Name, StringComparison.OrdinalIgnoreCase)).ToList(); if (foundPolicies.Any()) { var context = new PackageSecurityPolicyEvaluationContext( _userService.Value, _packageOwnershipManagementService.Value, _telemetryService, foundPolicies, package, sourceAccount, targetAccount, httpContext); var result = await handler.EvaluateAsync(context); if (auditSuccess || !result.Success) { await Auditing.SaveAuditRecordAsync(new UserSecurityPolicyAuditRecord( context.TargetAccount.Username, GetAuditAction(action), foundPolicies, result.Success, result.ErrorMessage)); } if (!result.Success) { Diagnostics.Information( $"Security policy from subscription '{foundPolicies.First().Subscription}' - '{handler.Name}' failed with error '{result.ErrorMessage}'."); return(result); } if (result.HasWarnings) { if (packagePoliciesResult == SecurityPolicyResult.SuccessResult) { packagePoliciesResult = result; } else { packagePoliciesResult.AddWarnings(result.WarningMessages); } } } } return(packagePoliciesResult); }