public override IEnumerable <PolicyViolation> GetViolations(PolicyAnalysisContext context)
{
foreach (var repo in context.Org.Repos)
{
var isRepoOwnedByMicrosoft = repo.IsOwnedByMicrosoft();
if (isRepoOwnedByMicrosoft)
{
foreach (var userAccess in repo.Users.Where(ua => ua.Describe().IsCollaborator))
{
var user = userAccess.User;
var permission = userAccess.Permission;
var userWorksForMicrosoft = context.IsMicrosoftUser(user);
if (!userWorksForMicrosoft && permission != CachedPermission.Pull)
{
yield return(new PolicyViolation(
Descriptor,
title: $"Non-Microsoft contributor '{user.Login}' should only have 'pull' permission for '{repo.Name}'",
body: $@"
The non-Microsoft contributor {user.Markdown()} was granted {permission.Markdown()} for the Microsoft-owned repo {repo.Markdown()}.
Only Microsoft users should have more than `pull` permissions.
* If this is a Microsoft user, they need to [link](https://docs.opensource.microsoft.com/tools/github/accounts/linking.html) their account.
* If this isn't a Microsoft user, their permission needs to be changed to `pull`.
",
org: context.Org,
repo: repo,
user: user
));
}
}
}
}
;
}
public override IEnumerable <PolicyViolation> GetViolations(PolicyAnalysisContext context)
{
foreach (var team in context.Org.Teams)
{
var isOwnedByMicrosoft = team.IsOwnedByMicrosoft();
if (isOwnedByMicrosoft)
{
foreach (var user in team.Members)
{
var isMicrosoftUser = context.IsMicrosoftUser(user);
if (!isMicrosoftUser)
{
yield return(new PolicyViolation(
Descriptor,
title: $"Microsoft owned team '{team.Name}' shouldn't contain '{user.Login}'",
body: $@"
Microsoft owned team {team.Markdown()} shouldn't contain user {user.Markdown()} because they are not an employee.
* If this is a Microsoft user, they need to [link](https://docs.opensource.microsoft.com/tools/github/accounts/linking.html) their account.
* If this team is supposed to represent Microsoft and non-Microsoft, the team shouldn't be owned by Microsoft
* If this isn't a Microsoft user, they need to be removed from this team.
",
org: context.Org,
team: team,
user: user
));
}
}
}
}
;
}
public override IEnumerable <PolicyViolation> GetViolations(PolicyAnalysisContext context)
{
foreach (var user in context.Org.Users)
{
var userClaimsToBeWorkingForMicrosoft = user.IsClaimingToBeWorkingForMicrosoft();
var isMicrosoftUser = context.IsMicrosoftUser(user);
if (userClaimsToBeWorkingForMicrosoft && !isMicrosoftUser)
{
yield return(new PolicyViolation(
Descriptor,
title: $"Microsoft-user '{user.Login}' should be linked",
body: $@"
User {user.Markdown()} appears to be a Microsoft employee. They should be [linked](https://opensource.microsoft.com/link) to a Microsoft account.
For more details, see [documentation](https://docs.opensource.microsoft.com/tools/github/accounts/linking.html).
",
org: context.Org,
user: user
));
}
}
}