public ActionRequiringReservedNamespacePermissions(
PermissionsRequirement accountOnBehalfOfPermissionsRequirement,
PermissionsRequirement reservedNamespacePermissionsRequirement)
: base(accountOnBehalfOfPermissionsRequirement)
{
ReservedNamespacePermissionsRequirement = reservedNamespacePermissionsRequirement;
}
public ActionRequiringPackagePermissions(
PermissionsRequirement accountOnBehalfOfPermissionsRequirement,
PermissionsRequirement packageRegistrationPermissionsRequirement)
: base(accountOnBehalfOfPermissionsRequirement)
{
PackageRegistrationPermissionsRequirement = packageRegistrationPermissionsRequirement;
}
/// <summary>
/// Is <paramref name="currentPrincipal"/> allowed to perform an action with a requirement of <paramref name="permissionsRequirement"/> on the entity owned by <paramref name="entityOwners"/>?
/// </summary>
public static bool IsRequirementSatisfied(PermissionsRequirement permissionsRequirement, User currentUser, ICollection <User> entityOwners)
{
if (currentUser == null)
{
/// If the current user is logged out, only <see cref="PermissionsRequirement.None"/> is satisfied.
return(WouldSatisfy(PermissionsRequirement.None, permissionsRequirement));
}
return(IsRequirementSatisfied(
permissionsRequirement,
currentUser.IsAdministrator,
u => currentUser.MatchesUser(u),
entityOwners));
}
private static bool IsRequirementSatisfied(PermissionsRequirement permissionsRequirement, bool isUserAdmin, Func <User, bool> isUserMatch, ICollection <User> entityOwners)
{
if (isUserAdmin &&
WouldSatisfy(PermissionsRequirement.SiteAdmin, permissionsRequirement))
{
return(true);
}
if (entityOwners == null || !entityOwners.Any())
{
/// If there are no owners of the entity and the current user is not a site admin, only <see cref="PermissionsRequirement.None"/> is satisfied.
return(WouldSatisfy(PermissionsRequirement.None, permissionsRequirement));
}
if (WouldSatisfy(PermissionsRequirement.Owner, permissionsRequirement) &&
entityOwners.Any(isUserMatch))
{
return(true);
}
var matchingMembers = entityOwners
.OfType <Organization>()
.SelectMany(o => o.Members)
.Where(m => isUserMatch(m.Member))
.ToList();
if (WouldSatisfy(PermissionsRequirement.OrganizationAdmin, permissionsRequirement) &&
matchingMembers.Any(m => m.IsAdmin))
{
return(true);
}
if (WouldSatisfy(PermissionsRequirement.OrganizationCollaborator, permissionsRequirement) &&
matchingMembers.Any(m => !m.IsAdmin))
{
return(true);
}
/// If the current user is not related to the entity in any way and is not a site admin, only <see cref="PermissionsRequirement.None"/> is satisfied.
return(WouldSatisfy(PermissionsRequirement.None, permissionsRequirement));
}
private static bool IsRequirementSatisfied(PermissionsRequirement permissionsRequirement, bool isUserAdmin, Func <User, bool> isUserMatch, ICollection <User> entityOwners)
{
if (isUserAdmin &&
WouldSatisfy(PermissionsRequirement.SiteAdmin, permissionsRequirement))
{
return(true);
}
if (entityOwners == null || !entityOwners.Any())
{
/// If there are no owners of the entity and the current user is not a site admin, only <see cref="PermissionsRequirement.None"/> is satisfied.
return(WouldSatisfy(PermissionsRequirement.None, permissionsRequirement));
}
if (WouldSatisfy(PermissionsRequirement.Owner, permissionsRequirement) &&
entityOwners.Any(isUserMatch))
{
return(true);
}
var entityOrganizationOwners = entityOwners
.OfType <Organization>();
// use cached Administrators collection to avoid querying members directly
if (WouldSatisfy(PermissionsRequirement.OrganizationAdmin, permissionsRequirement) &&
entityOrganizationOwners.Any(o => o.Administrators.Any(m => isUserMatch(m))))
{
return(true);
}
// use cached Collaborators collection to avoid querying members directly
if (WouldSatisfy(PermissionsRequirement.OrganizationCollaborator, permissionsRequirement) &&
entityOrganizationOwners.Any(o => o.Collaborators.Any(m => isUserMatch(m))))
{
return(true);
}
/// If the current user is not related to the entity in any way and is not a site admin, only <see cref="PermissionsRequirement.None"/> is satisfied.
return(WouldSatisfy(PermissionsRequirement.None, permissionsRequirement));
}
public ActionRequiringEntityPermissions(PermissionsRequirement accountOnBehalfOfPermissionsRequirement)
{
AccountOnBehalfOfPermissionsRequirement = accountOnBehalfOfPermissionsRequirement;
}
/// <summary>
/// Is <paramref name="currentPrincipal"/> allowed to perform an action with a requirement of <paramref name="permissionsRequirement"/> on <paramref name="account"/>?
/// </summary>
public static bool IsRequirementSatisfied(PermissionsRequirement action, User currentUser, User account)
{
return(IsRequirementSatisfied(action, currentUser, new User[] { account }));
}
/// <summary>
/// Is <paramref name="currentUser"/> allowed to perform an action with a requirement of <paramref name="permissionsRequirement"/> on <paramref name="reservedNamespace"/>?
/// </summary>
public static bool IsRequirementSatisfied(PermissionsRequirement permissionsRequirement, User currentUser, ReservedNamespace reservedNamespace)
{
return(reservedNamespace.IsSharedNamespace || IsRequirementSatisfied(permissionsRequirement, currentUser, reservedNamespace.Owners));
}
/// <summary>
/// Is <paramref name="currentUser"/> allowed to perform an action with a requirement of <paramref name="permissionsRequirement"/> on <paramref name="packageRegistration"/>?
/// </summary>
public static bool IsRequirementSatisfied(PermissionsRequirement permissionsRequirement, User currentUser, PackageRegistration packageRegistration)
{
return(IsRequirementSatisfied(permissionsRequirement, currentUser, packageRegistration.Owners));
}
/// <summary>
/// Is <paramref name="currentPrincipal"/> allowed to perform an action with a requirement of <paramref name="permissionsRequirement"/> on <paramref name="account"/>?
/// </summary>
public static bool IsRequirementSatisfied(PermissionsRequirement permissionsRequirement, IPrincipal currentPrincipal, User account)
{
return(IsRequirementSatisfied(permissionsRequirement, currentPrincipal, new User[] { account }));
}
/// <summary>
/// Is <paramref name="currentPrincipal"/> allowed to perform an action with a requirement of <paramref name="permissionsRequirement"/> on <paramref name="packageRegistration"/>?
/// </summary>
public static bool IsRequirementSatisfied(PermissionsRequirement permissionsRequirement, IPrincipal currentPrincipal, PackageRegistration packageRegistration)
{
return(IsRequirementSatisfied(permissionsRequirement, currentPrincipal, packageRegistration.Owners));
}
/// <summary>
/// Returns true if and only if satisfying <paramref name="permissionsRequirementToCheck"/> would also satisfy <paramref name="permissionsRequirementToSatisfy"/>?
/// </summary>
private static bool WouldSatisfy(PermissionsRequirement permissionsRequirementToCheck, PermissionsRequirement permissionsRequirementToSatisfy)
{
return((permissionsRequirementToCheck & permissionsRequirementToSatisfy) != PermissionsRequirement.Unsatisfiable);
}
public ActionRequiringAccountPermissions(PermissionsRequirement accountPermissionsRequirement)
{
AccountPermissionsRequirement = accountPermissionsRequirement;
}
private void AssertIsRequirementSatisfied(ICollection <User> owners, User user, PermissionsRequirement expectedSatisfiedPermissionsRequirement)
{
for (int i = 0; i < _maxPermissionsRequirement * 2; i++)
{
var permissionsRequirement = (PermissionsRequirement)i;
var shouldSucceed = (permissionsRequirement & expectedSatisfiedPermissionsRequirement) > 0;
Assert.Equal(shouldSucceed, PermissionsHelpers.IsRequirementSatisfied(permissionsRequirement, user, owners));
var principal = GetPrincipal(user);
Assert.Equal(shouldSucceed, PermissionsHelpers.IsRequirementSatisfied(permissionsRequirement, principal, owners));
}
}
public TestableActionRequiringEntityPermissions(PermissionsRequirement accountOnBehalfOfPermissionsRequirement, Func <User, TestablePermissionsEntity, PermissionsCheckResult> isAllowedOnEntity)
: base(accountOnBehalfOfPermissionsRequirement)
{
_isAllowedOnEntity = isAllowedOnEntity;
}
