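/// <summary>
/// Lists the environments the calling user may deploy to within <paramref name="org"/>,
/// derived from the user's Gitea teams whose name starts with "Deploy-".
/// </summary>
/// <param name="org">Organization short name from the route; compared case-insensitively.</param>
/// <returns>
/// The environment names (everything after the "Deploy-" prefix of each matching team name);
/// an empty list when no team matches or no teams are returned.
/// </returns>
public async Task<List<string>> Permissions([FromRoute] string org)
{
    const string deployTeamPrefix = "Deploy-";

    List<Team> teams = await _giteaService.GetTeams();
    if (teams == null)
    {
        // Fail closed: no team information means no deploy permissions are reported.
        return new List<string>();
    }

    // The full suffix after "Deploy-" is returned, so a team named "Deploy-prod-east" yields
    // "prod-east". Splitting on '-' and taking element [1] would truncate it to "prod", which
    // would no longer match the exact "Deploy-{environment}" team lookup performed by the
    // deploy authorization handler.
    List<string> permittedEnvironments = teams
        .Where(t => t.Organization?.Username != null
            && t.Organization.Username.Equals(org, System.StringComparison.OrdinalIgnoreCase)
            && t.Name != null
            && t.Name.StartsWith(deployTeamPrefix, System.StringComparison.OrdinalIgnoreCase))
        .Select(t => t.Name.Substring(deployTeamPrefix.Length))
        .ToList();

    return permittedEnvironments;
}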
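/// <inheritdoc/>
/// <remarks>
/// Grants <paramref name="requirement"/> when the current user is allowed to deploy the app
/// identified by the "org" and "app" route values. Two modes, selected by
/// <c>_settings.CheckTeamMembershipForDeploy</c>:
/// <list type="bullet">
/// <item>off: the user needs push or admin permission on the app's Gitea repository;</item>
/// <item>on: the user must belong to an org team named exactly "Deploy-{environment}" (case-insensitive),
/// where the environment comes from the "environment" route value or, failing that, from
/// <c>Environment.Name</c> in the JSON request body.</item>
/// </list>
/// A denied request simply leaves the requirement unmet (no <c>context.Succeed</c>). The handler also writes
/// a status code to the response directly; NOTE(review): with the default authorization middleware that code
/// is normally replaced by the forbid/challenge result, so the 400 may never reach the client — confirm
/// before relying on it.
/// </remarks>
protected override async Task HandleRequirementAsync(
    AuthorizationHandlerContext context,
    GiteaDeployPermissionRequirement requirement)
{
    if (_httpContext == null)
    {
        return;
    }

    string org = _httpContext.GetRouteValue("org")?.ToString();
    string app = _httpContext.GetRouteValue("app")?.ToString();
    if (string.IsNullOrWhiteSpace(org) || string.IsNullOrWhiteSpace(app))
    {
        _httpContext.Response.StatusCode = (int)HttpStatusCode.BadRequest;
        return;
    }

    if (!_settings.CheckTeamMembershipForDeploy)
    {
        // Repository-level check: push or admin rights on the app's repository are sufficient.
        RepositoryClient.Model.Repository repository = await _giteaApiWrapper.GetRepository(org, app);
        if (repository?.Permissions?.Push == true || repository?.Permissions?.Admin == true)
        {
            context.Succeed(requirement);
        }
        else
        {
            _httpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
        }

        return;
    }

    string environment = _httpContext.GetRouteValue("environment")?.ToString();
    if (string.IsNullOrEmpty(environment))
    {
        environment = await ReadEnvironmentNameFromBodyAsync();
    }

    // Reject a missing or blank environment explicitly. Without this check a body whose
    // Environment.Name is null/empty would make the lookup below search for a team literally
    // named "Deploy-", and succeed if such a team happened to exist.
    if (string.IsNullOrWhiteSpace(environment))
    {
        _httpContext.Response.StatusCode = (int)HttpStatusCode.BadRequest;
        return;
    }

    // Team membership check: the environment name is user-controlled, but it is only ever used
    // in an exact (case-insensitive) equality comparison against the user's own team names.
    string matchTeam = $"Deploy-{environment}";
    List<Team> teams = await _giteaApiWrapper.GetTeams();
    bool isDeployTeamMember = teams != null && teams.Any(t =>
        t.Organization?.Username != null
        && t.Organization.Username.Equals(org, System.StringComparison.OrdinalIgnoreCase)
        && t.Name != null
        && t.Name.Equals(matchTeam, System.StringComparison.OrdinalIgnoreCase));

    if (isDeployTeamMember)
    {
        context.Succeed(requirement);
    }
    else
    {
        _httpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
    }
}

/// <summary>
/// Reads <c>Environment.Name</c> from the JSON request body without consuming it for later
/// model binding. Returns <c>null</c> when the body is not valid JSON, does not deserialize to a
/// <see cref="CreateDeploymentRequestViewModel"/>, or carries no environment name.
/// </summary>
/// <remarks>
/// NOTE(review): the authorization decision is made on this handler's parse of the body while the
/// controller later re-parses the same bytes through MVC model binding. If the two use different
/// serializers or settings (duplicate keys, property-name case rules, unknown members), a crafted
/// body could be authorized against one environment and bound to another — verify both parse the
/// body identically. Body size is bounded only by the server's request body limit.
/// </remarks>
private async Task<string> ReadEnvironmentNameFromBodyAsync()
{
    // Buffer the body so it can be rewound and read again by model binding.
    _httpContext.Request.EnableBuffering();
    try
    {
        using (var reader = new StreamReader(
            _httpContext.Request.Body,
            encoding: Encoding.UTF8,
            detectEncodingFromByteOrderMarks: false,
            bufferSize: 1024,
            leaveOpen: true))
        {
            string body = await reader.ReadToEndAsync();
            CreateDeploymentRequestViewModel model =
                JsonConvert.DeserializeObject<CreateDeploymentRequestViewModel>(body);
            return model?.Environment?.Name;
        }
    }
    catch (JsonException)
    {
        // Malformed JSON is reported to the caller as "no environment" (-> 400), not as a server error.
        return null;
    }
    finally
    {
        // Always rewind, including on the error path, so the next reader sees the full body.
        if (_httpContext.Request.Body.CanSeek)
        {
            _httpContext.Request.Body.Position = 0;
        }
    }
}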