public CachedWhatIfPermission WhatIfRemovedFromTeam(CachedTeam team)
{
if (User.IsOwner)
{
return(new CachedWhatIfPermission(this, CachedPermission.Admin));
}
// Let's start by computing what we're getting from the repo directly.
//
// NOTE: This currently won't work because the GitHub API has no way to tell us
// direct repo permissions. For detais, see:
//
// https://github.com/octokit/octokit.net/issues/2036)
//
// Rather, it only gives us effective permissions. This means that if a user
// has 'admin' permissions through a team, but 'push' permissions by directly
// being added to a repo, running what-if for this repo/team will (incorrectly)
// conclude that the user was downgraded to 'pull' or lost access (if the repo
// is private).
//
// However, the current code will work for cases where the permissions granted
// through the team is less than what was given via the repo directly.
var maximumLevel = Repo.Users.Where(ua => ua.User == User && ua.Describe().IsCollaborator)
.Select(ua => (int)ua.Permission)
.DefaultIfEmpty(-1)
.Max();
foreach (var teamAccess in Repo.Teams)
{
var teamAccessLevel = (int)teamAccess.Permission;
foreach (var nestedTeam in teamAccess.Team.DescendentsAndSelf())
{
if (nestedTeam == team)
{
continue;
}
if (!nestedTeam.Members.Contains(User))
{
continue;
}
maximumLevel = Math.Max(maximumLevel, teamAccessLevel);
}
}
if (maximumLevel == -1)
{
return(new CachedWhatIfPermission(this, Repo.IsPrivate ? null : (CachedPermission?)CachedPermission.Pull));
}
var maximumPermission = (CachedPermission)maximumLevel;
return(new CachedWhatIfPermission(this, maximumPermission));
}
private async Task LoadTeamsAsync(CachedOrg cachedOrg)
{
await GitHubClient.PrintProgressAsync(Log, "Loading team list");
var teams = await GitHubClient.Organization.Team.GetAll(cachedOrg.Name);
var i = 0;
foreach (var team in teams)
{
await GitHubClient.PrintProgressAsync(Log, "Loading team", team.Name, i ++, teams.Count);
var cachedTeam = new CachedTeam
{
Id = team.Id.ToString(),
ParentId = team.Parent?.Id.ToString(),
Name = team.Name
};
cachedOrg.Teams.Add(cachedTeam);
var maintainerRequest = new TeamMembersRequest(TeamRoleFilter.Maintainer);
var maintainers = await GitHubClient.Organization.Team.GetAllMembers(team.Id, maintainerRequest);
foreach (var maintainer in maintainers)
{
cachedTeam.MaintainerLogins.Add(maintainer.Login);
}
await GitHubClient.WaitForEnoughQuotaAsync(Log);
var memberRequest = new TeamMembersRequest(TeamRoleFilter.All);
var members = await GitHubClient.Organization.Team.GetAllMembers(team.Id, memberRequest);
foreach (var member in members)
{
cachedTeam.MemberLogins.Add(member.Login);
}
await GitHubClient.WaitForEnoughQuotaAsync(Log);
foreach (var repo in await GitHubClient.Organization.Team.GetAllRepositories(team.Id))
{
var permissionLevel = repo.Permissions.Admin
? CachedPermission.Admin
: repo.Permissions.Push
? CachedPermission.Push
: CachedPermission.Pull;
var cachedRepoAccess = new CachedTeamAccess
{
RepoName = repo.Name,
Permission = permissionLevel
};
cachedTeam.Repos.Add(cachedRepoAccess);
}
}
}
