public async Task AddPackageOwnerAsync(PackageRegistration package, User newOwner) { package.Owners.Add(newOwner); await _packageRepository.CommitChangesAsync(); if (_securityPolicyService.IsSubscribed(newOwner, AutomaticallyOverwriteRequiredSignerPolicy.PolicyName)) { await SetRequiredSignerAsync(package, newOwner); } }
private static bool CanEditRequiredSigner(Package package, User currentUser, ISecurityPolicyService securityPolicyService, IEnumerable <User> owners) { var currentUserCanManageRequiredSigner = false; var currentUserHasRequiredSignerControl = false; var noOwnerHasRequiredSignerControl = true; foreach (var owner in owners) { if (!currentUserCanManageRequiredSigner && ActionsRequiringPermissions.ManagePackageRequiredSigner.CheckPermissions(currentUser, owner, package) == PermissionsCheckResult.Allowed) { currentUserCanManageRequiredSigner = true; } if (!currentUserHasRequiredSignerControl) { if (securityPolicyService.IsSubscribed(owner, ControlRequiredSignerPolicy.PolicyName)) { noOwnerHasRequiredSignerControl = false; if (owner == currentUser) { currentUserHasRequiredSignerControl = true; } else { currentUserHasRequiredSignerControl = (owner as Organization)?.GetMembershipOfUser(currentUser)?.IsAdmin ?? false; } } } } var canEditRequiredSigned = currentUserCanManageRequiredSigner && (currentUserHasRequiredSignerControl || noOwnerHasRequiredSignerControl); return(canEditRequiredSigned); }
private ListPackageItemRequiredSignerViewModel SetupInternal( ListPackageItemRequiredSignerViewModel viewModel, Package package, User currentUser, bool wasAADLoginOrMultiFactorAuthenticated) { if (currentUser == null) { throw new ArgumentNullException(nameof(currentUser)); } var owners = package.PackageRegistration?.Owners ?? Enumerable.Empty <User>(); if (owners.Any()) { viewModel.ShowRequiredSigner = true; viewModel.CanEditRequiredSigner = CanEditRequiredSigner(package, currentUser, _securityPolicyService, owners); var requiredSigner = package.PackageRegistration?.RequiredSigners.FirstOrDefault(); if (requiredSigner == null) { if (owners.Count() == 1) { viewModel.RequiredSigner = GetSignerViewModel(owners.Single()); } else { viewModel.RequiredSigner = AnySigner; } } else { viewModel.RequiredSigner = GetSignerViewModel(requiredSigner); } if (viewModel.CanEditRequiredSigner) { if (owners.Count() == 1) { if (requiredSigner != null && requiredSigner != currentUser) { // Suppose users A and B own a package and user A is the required signer. // Then suppose user A removes herself as package owner. // User B must be able to change the required signer. viewModel.AllSigners = new[] { viewModel.RequiredSigner, GetSignerViewModel(currentUser) }; } else { viewModel.AllSigners = new List <SignerViewModel>(); viewModel.CanEditRequiredSigner = false; viewModel.ShowTextBox = true; } } else { viewModel.AllSigners = new[] { AnySigner }.Concat(owners.Select(owner => GetSignerViewModel(owner))).ToList(); } } else { viewModel.AllSigners = new[] { viewModel.RequiredSigner }; var ownersWithRequiredSignerControl = owners.Where( owner => _securityPolicyService.IsSubscribed(owner, ControlRequiredSignerPolicy.PolicyName)); if (owners.Count() == 1) { viewModel.ShowTextBox = true; } else { viewModel.UpdateRequiredSignerMessage(ownersWithRequiredSignerControl.Select(u => u.Username).ToList()); } } viewModel.CanEditRequiredSigner &= wasAADLoginOrMultiFactorAuthenticated; } viewModel.IsVulnerable = _packageVulnerabilitiesService.IsPackageVulnerable(package); return(viewModel); }
public ListPackageItemRequiredSignerViewModel( Package package, User currentUser, ISecurityPolicyService securityPolicyService, bool wasMultiFactorAuthenticated) : base(package, currentUser) { if (package == null) { throw new ArgumentNullException(nameof(package)); } if (currentUser == null) { throw new ArgumentNullException(nameof(currentUser)); } if (securityPolicyService == null) { throw new ArgumentNullException(nameof(securityPolicyService)); } var owners = package.PackageRegistration?.Owners ?? Enumerable.Empty <User>(); if (owners.Any()) { ShowRequiredSigner = true; var currentUserCanManageRequiredSigner = false; var currentUserHasRequiredSignerControl = false; var noOwnerHasRequiredSignerControl = true; foreach (var owner in owners) { if (!currentUserCanManageRequiredSigner && ActionsRequiringPermissions.ManagePackageRequiredSigner.CheckPermissions(currentUser, owner, package) == PermissionsCheckResult.Allowed) { currentUserCanManageRequiredSigner = true; } if (!currentUserHasRequiredSignerControl) { if (securityPolicyService.IsSubscribed(owner, ControlRequiredSignerPolicy.PolicyName)) { noOwnerHasRequiredSignerControl = false; if (owner == currentUser) { currentUserHasRequiredSignerControl = true; } else { currentUserHasRequiredSignerControl = (owner as Organization)?.GetMembershipOfUser(currentUser)?.IsAdmin ?? false; } } } } CanEditRequiredSigner = currentUserCanManageRequiredSigner && (currentUserHasRequiredSignerControl || noOwnerHasRequiredSignerControl); var requiredSigner = package.PackageRegistration?.RequiredSigners.FirstOrDefault(); if (requiredSigner == null) { if (owners.Count() == 1) { RequiredSigner = Convert(owners.Single()); } else { RequiredSigner = AnySigner; } } else { RequiredSigner = Convert(requiredSigner); } if (CanEditRequiredSigner) { if (owners.Count() == 1) { if (requiredSigner != null && requiredSigner != currentUser) { // Suppose users A and B own a package and user A is the required signer. // Then suppose user A removes herself as package owner. // User B must be able to change the required signer. AllSigners = new[] { RequiredSigner, Convert(currentUser) }; } else { AllSigners = Enumerable.Empty <SignerViewModel>(); CanEditRequiredSigner = false; ShowTextBox = true; } } else { AllSigners = new[] { AnySigner }.Concat(owners.Select(owner => Convert(owner))); } } else { AllSigners = new[] { RequiredSigner }; var ownersWithRequiredSignerControl = owners.Where( owner => securityPolicyService.IsSubscribed(owner, ControlRequiredSignerPolicy.PolicyName)); if (owners.Count() == 1) { ShowTextBox = true; } else { RequiredSignerMessage = GetRequiredSignerMessage(ownersWithRequiredSignerControl); } } CanEditRequiredSigner &= wasMultiFactorAuthenticated; } }