// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;
using NuGet.Services.Entities;
using NuGetGallery.Authentication;
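namespace NuGetGallery
{
    /// <summary>
    /// APIs that provide lightweight extensibility for the Scope entity.
    /// </summary>
    public static class ScopeExtensions
    {
        // Upper bound for a single subject match. When it is exceeded, Regex.IsMatch throws
        // RegexMatchTimeoutException, which is not caught in this class and reaches the caller.
        private static readonly TimeSpan RegexTimeout = TimeSpan.FromMinutes(1);

        /// <summary>
        /// Determine if the scope allows any of the requested actions.
        /// </summary>
        /// <param name="scope">Credential scope.</param>
        /// <param name="requestedActions">Actions to validate.</param>
        /// <returns>
        /// True if any actions are allowed, false if none are. An empty action list yields false.
        /// </returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="requestedActions"/> is null, or <paramref name="scope"/> is null and
        /// at least one action is evaluated.
        /// </exception>
        public static bool AllowsActions(this Scope scope, params string[] requestedActions)
        {
            if (requestedActions == null)
            {
                throw new ArgumentNullException(nameof(requestedActions));
            }

            // The scope itself is validated per action inside AllowsAction, so a null scope is
            // only reported when the list is non-empty.
            return requestedActions.Any(action => AllowsAction(scope, action));
        }

        /// <summary>
        /// Determine if the scope allows the requested subject (package id).
        /// </summary>
        /// <remarks>
        /// The scope subject is treated as a glob: it is regex-escaped, every <c>*</c> becomes
        /// <c>.*</c>, and the result is matched against the whole requested subject, ignoring case.
        /// </remarks>
        /// <param name="scope">Credential scope.</param>
        /// <param name="subject">Requested scope (package id) for comparison.</param>
        /// <returns>True if scope subjects match, false otherwise.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="scope"/> is null, or <paramref name="subject"/> is null or empty.
        /// </exception>
        /// <exception cref="RegexMatchTimeoutException">The match exceeded the timeout.</exception>
        public static bool AllowsSubject(this Scope scope, string subject)
        {
            if (scope == null)
            {
                throw new ArgumentNullException(nameof(scope));
            }

            if (string.IsNullOrEmpty(subject))
            {
                throw new ArgumentNullException(nameof(subject));
            }

            // Escape first so that only '*' keeps a special meaning; everything else in the
            // scope subject is matched literally.
            // NOTE(review): a null scope.Subject is not handled here and makes Regex.Escape
            // throw ArgumentNullException - confirm callers never pass such a scope.
            // The pattern ends with \z rather than $: without RegexOptions.Multiline, $ also
            // matches just before a final '\n', so "id\n" would satisfy an exact scope "id".
            var pattern = "^" + Regex.Escape(scope.Subject).Replace(@"\*", ".*") + @"\z";

            return new Regex(
                pattern,
                RegexOptions.IgnoreCase | RegexOptions.Singleline,
                RegexTimeout)
                .IsMatch(subject);
        }

        /// <summary>
        /// Determine if scope contains an owner scope.
        /// </summary>
        /// <param name="scope">Credential scope.</param>
        /// <returns>True if owner scope exists, false otherwise.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="scope"/> is null.</exception>
        public static bool HasOwnerScope(this Scope scope)
        {
            if (scope == null)
            {
                throw new ArgumentNullException(nameof(scope));
            }

            return scope.OwnerKey.HasValue;
        }

        /// <summary>
        /// Get the single owner shared by all of the given scopes.
        /// </summary>
        /// <param name="scopes">Credential scopes to inspect.</param>
        /// <returns>
        /// The one distinct <c>Owner</c> value found across the scopes, or null when the
        /// sequence is empty or no scope has an owner.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="scopes"/> is null.</exception>
        /// <exception cref="InvalidOperationException">
        /// The scopes carry more than one distinct owner value (a null owner counts as a value).
        /// </exception>
        public static User GetOwnerScope(this IEnumerable<Scope> scopes)
        {
            if (scopes == null)
            {
                throw new ArgumentNullException(nameof(scopes));
            }

            // Gallery currently restricts ApiKeys to a single owner scope.
            // SingleOrDefault enforces that restriction by throwing when it does not hold.
            return scopes.Select(s => s.Owner)
                .Distinct()
                .SingleOrDefault();
        }

        /// <summary>
        /// Determine if the scope allows a single requested action.
        /// </summary>
        /// <remarks>
        /// The check is permissive by construction: a null or empty requested action, and a
        /// scope whose <c>AllowedAction</c> is null or empty, both evaluate to allowed.
        /// NOTE(review): presumably this keeps credentials without an explicit action
        /// working - confirm that this is still the intended policy.
        /// </remarks>
        /// <param name="scope">Credential scope.</param>
        /// <param name="requestedAction">Action to validate.</param>
        /// <returns>True if the action is allowed, false otherwise.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="scope"/> is null.</exception>
        private static bool AllowsAction(this Scope scope, string requestedAction)
        {
            if (scope == null)
            {
                throw new ArgumentNullException(nameof(scope));
            }

            // Order matters only for short-circuiting; any one of the four conditions grants.
            return string.IsNullOrEmpty(requestedAction)
                || string.IsNullOrEmpty(scope.AllowedAction)
                || string.Equals(scope.AllowedAction, requestedAction, StringComparison.OrdinalIgnoreCase)
                || string.Equals(scope.AllowedAction, NuGetScopes.All, StringComparison.OrdinalIgnoreCase);
        }
    }
}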