public async Task AddPackageOwnerAsync(PackageRegistration package, User newOwner)
{
package.Owners.Add(newOwner);
await _packageRepository.CommitChangesAsync();
if (_securityPolicyService.IsSubscribed(newOwner, AutomaticallyOverwriteRequiredSignerPolicy.PolicyName))
{
await SetRequiredSignerAsync(package, newOwner);
}
}
private static bool CanEditRequiredSigner(Package package, User currentUser, ISecurityPolicyService securityPolicyService, IEnumerable <User> owners)
{
var currentUserCanManageRequiredSigner = false;
var currentUserHasRequiredSignerControl = false;
var noOwnerHasRequiredSignerControl = true;
foreach (var owner in owners)
{
if (!currentUserCanManageRequiredSigner &&
ActionsRequiringPermissions.ManagePackageRequiredSigner.CheckPermissions(currentUser, owner, package)
== PermissionsCheckResult.Allowed)
{
currentUserCanManageRequiredSigner = true;
}
if (!currentUserHasRequiredSignerControl)
{
if (securityPolicyService.IsSubscribed(owner, ControlRequiredSignerPolicy.PolicyName))
{
noOwnerHasRequiredSignerControl = false;
if (owner == currentUser)
{
currentUserHasRequiredSignerControl = true;
}
else
{
currentUserHasRequiredSignerControl = (owner as Organization)?.GetMembershipOfUser(currentUser)?.IsAdmin ?? false;
}
}
}
}
var canEditRequiredSigned = currentUserCanManageRequiredSigner &&
(currentUserHasRequiredSignerControl || noOwnerHasRequiredSignerControl);
return(canEditRequiredSigned);
}
private ListPackageItemRequiredSignerViewModel SetupInternal(
ListPackageItemRequiredSignerViewModel viewModel,
Package package,
User currentUser,
bool wasAADLoginOrMultiFactorAuthenticated)
{
if (currentUser == null)
{
throw new ArgumentNullException(nameof(currentUser));
}
var owners = package.PackageRegistration?.Owners ?? Enumerable.Empty <User>();
if (owners.Any())
{
viewModel.ShowRequiredSigner = true;
viewModel.CanEditRequiredSigner = CanEditRequiredSigner(package, currentUser, _securityPolicyService, owners);
var requiredSigner = package.PackageRegistration?.RequiredSigners.FirstOrDefault();
if (requiredSigner == null)
{
if (owners.Count() == 1)
{
viewModel.RequiredSigner = GetSignerViewModel(owners.Single());
}
else
{
viewModel.RequiredSigner = AnySigner;
}
}
else
{
viewModel.RequiredSigner = GetSignerViewModel(requiredSigner);
}
if (viewModel.CanEditRequiredSigner)
{
if (owners.Count() == 1)
{
if (requiredSigner != null && requiredSigner != currentUser)
{
// Suppose users A and B own a package and user A is the required signer.
// Then suppose user A removes herself as package owner.
// User B must be able to change the required signer.
viewModel.AllSigners = new[] { viewModel.RequiredSigner, GetSignerViewModel(currentUser) };
}
else
{
viewModel.AllSigners = new List <SignerViewModel>();
viewModel.CanEditRequiredSigner = false;
viewModel.ShowTextBox = true;
}
}
else
{
viewModel.AllSigners = new[] { AnySigner }.Concat(owners.Select(owner => GetSignerViewModel(owner))).ToList();
}
}
else
{
viewModel.AllSigners = new[] { viewModel.RequiredSigner };
var ownersWithRequiredSignerControl = owners.Where(
owner => _securityPolicyService.IsSubscribed(owner, ControlRequiredSignerPolicy.PolicyName));
if (owners.Count() == 1)
{
viewModel.ShowTextBox = true;
}
else
{
viewModel.UpdateRequiredSignerMessage(ownersWithRequiredSignerControl.Select(u => u.Username).ToList());
}
}
viewModel.CanEditRequiredSigner &= wasAADLoginOrMultiFactorAuthenticated;
}
viewModel.IsVulnerable = _packageVulnerabilitiesService.IsPackageVulnerable(package);
return(viewModel);
}
public ListPackageItemRequiredSignerViewModel(
Package package,
User currentUser,
ISecurityPolicyService securityPolicyService,
bool wasMultiFactorAuthenticated)
: base(package, currentUser)
{
if (package == null)
{
throw new ArgumentNullException(nameof(package));
}
if (currentUser == null)
{
throw new ArgumentNullException(nameof(currentUser));
}
if (securityPolicyService == null)
{
throw new ArgumentNullException(nameof(securityPolicyService));
}
var owners = package.PackageRegistration?.Owners ?? Enumerable.Empty <User>();
if (owners.Any())
{
ShowRequiredSigner = true;
var currentUserCanManageRequiredSigner = false;
var currentUserHasRequiredSignerControl = false;
var noOwnerHasRequiredSignerControl = true;
foreach (var owner in owners)
{
if (!currentUserCanManageRequiredSigner &&
ActionsRequiringPermissions.ManagePackageRequiredSigner.CheckPermissions(currentUser, owner, package)
== PermissionsCheckResult.Allowed)
{
currentUserCanManageRequiredSigner = true;
}
if (!currentUserHasRequiredSignerControl)
{
if (securityPolicyService.IsSubscribed(owner, ControlRequiredSignerPolicy.PolicyName))
{
noOwnerHasRequiredSignerControl = false;
if (owner == currentUser)
{
currentUserHasRequiredSignerControl = true;
}
else
{
currentUserHasRequiredSignerControl = (owner as Organization)?.GetMembershipOfUser(currentUser)?.IsAdmin ?? false;
}
}
}
}
CanEditRequiredSigner = currentUserCanManageRequiredSigner &&
(currentUserHasRequiredSignerControl || noOwnerHasRequiredSignerControl);
var requiredSigner = package.PackageRegistration?.RequiredSigners.FirstOrDefault();
if (requiredSigner == null)
{
if (owners.Count() == 1)
{
RequiredSigner = Convert(owners.Single());
}
else
{
RequiredSigner = AnySigner;
}
}
else
{
RequiredSigner = Convert(requiredSigner);
}
if (CanEditRequiredSigner)
{
if (owners.Count() == 1)
{
if (requiredSigner != null && requiredSigner != currentUser)
{
// Suppose users A and B own a package and user A is the required signer.
// Then suppose user A removes herself as package owner.
// User B must be able to change the required signer.
AllSigners = new[] { RequiredSigner, Convert(currentUser) };
}
else
{
AllSigners = Enumerable.Empty <SignerViewModel>();
CanEditRequiredSigner = false;
ShowTextBox = true;
}
}
else
{
AllSigners = new[] { AnySigner }.Concat(owners.Select(owner => Convert(owner)));
}
}
else
{
AllSigners = new[] { RequiredSigner };
var ownersWithRequiredSignerControl = owners.Where(
owner => securityPolicyService.IsSubscribed(owner, ControlRequiredSignerPolicy.PolicyName));
if (owners.Count() == 1)
{
ShowTextBox = true;
}
else
{
RequiredSignerMessage = GetRequiredSignerMessage(ownersWithRequiredSignerControl);
}
}
CanEditRequiredSigner &= wasMultiFactorAuthenticated;
}
}
