public override IEnumerable <PolicyViolation> GetViolations(PolicyAnalysisContext context) { foreach (var repo in context.Org.Repos) { var isRepoOwnedByMicrosoft = repo.IsOwnedByMicrosoft(); if (isRepoOwnedByMicrosoft) { foreach (var userAccess in repo.Users.Where(ua => ua.Describe().IsCollaborator)) { var user = userAccess.User; var permission = userAccess.Permission; var userWorksForMicrosoft = context.IsMicrosoftUser(user); if (!userWorksForMicrosoft && permission != CachedPermission.Pull) { yield return(new PolicyViolation( Descriptor, title: $"Non-Microsoft contributor '{user.Login}' should only have 'pull' permission for '{repo.Name}'", body: $@" The non-Microsoft contributor {user.Markdown()} was granted {permission.Markdown()} for the Microsoft-owned repo {repo.Markdown()}. Only Microsoft users should have more than `pull` permissions. * If this is a Microsoft user, they need to [link](https://docs.opensource.microsoft.com/tools/github/accounts/linking.html) their account. * If this isn't a Microsoft user, their permission needs to be changed to `pull`. ", org: context.Org, repo: repo, user: user )); } } } } ; }
public override IEnumerable <PolicyViolation> GetViolations(PolicyAnalysisContext context) { foreach (var team in context.Org.Teams) { var isOwnedByMicrosoft = team.IsOwnedByMicrosoft(); if (isOwnedByMicrosoft) { foreach (var user in team.Members) { var isMicrosoftUser = context.IsMicrosoftUser(user); if (!isMicrosoftUser) { yield return(new PolicyViolation( Descriptor, title: $"Microsoft owned team '{team.Name}' shouldn't contain '{user.Login}'", body: $@" Microsoft owned team {team.Markdown()} shouldn't contain user {user.Markdown()} because they are not an employee. * If this is a Microsoft user, they need to [link](https://docs.opensource.microsoft.com/tools/github/accounts/linking.html) their account. * If this team is supposed to represent Microsoft and non-Microsoft, the team shouldn't be owned by Microsoft * If this isn't a Microsoft user, they need to be removed from this team. ", org: context.Org, team: team, user: user )); } } } } ; }
public override IEnumerable <PolicyViolation> GetViolations(PolicyAnalysisContext context) { foreach (var user in context.Org.Users) { var userClaimsToBeWorkingForMicrosoft = user.IsClaimingToBeWorkingForMicrosoft(); var isMicrosoftUser = context.IsMicrosoftUser(user); if (userClaimsToBeWorkingForMicrosoft && !isMicrosoftUser) { yield return(new PolicyViolation( Descriptor, title: $"Microsoft-user '{user.Login}' should be linked", body: $@" User {user.Markdown()} appears to be a Microsoft employee. They should be [linked](https://opensource.microsoft.com/link) to a Microsoft account. For more details, see [documentation](https://docs.opensource.microsoft.com/tools/github/accounts/linking.html). ", org: context.Org, user: user )); } } }