Use PackagePermissionsService to determine actions a user can perform on a package

[scottbommarito]

This replaces ExtensionMethods.IsOwner.

I went through all previous calls of IsOwner and replaced them with a HasPermissions call with the right Permission. I also added checks to _UserPackagesList.cshtml to only show actions that the user can perform.

[joelverhagen]

I don't think should not be nested. It makes the call sites too verbose.

[scottbommarito]

done

[joelverhagen]

nit: can we write this without goto?

[scottbommarito]

yes, but it will be significantly more verbose

[joelverhagen]

verbose is better IMO for something so critical as permissions.

[scottbommarito]

Which is why I made the tests very explicit. If someone wants to change the permissions they will need to change the tests in the exact same way.

[joelverhagen]

Implementation should be as clear or clearer than tests. People trying to understand our code should not have to dig through unit tests for comprehension. Alternative is to have docs concerning this matrix of permissions.

[skofman1]

please no goto in code

---

In reply to: 147482420 [](ancestors = 147482420)

[ryuyu]

can we just drop the goto and let it fall through? it looks like that is bascially what is happening here anyway?

[scottbommarito]

C# does not allow falling through, which is why this exists as is

regardless, I rewrote it to be explicit, as @joelverhagen requested

[joelverhagen]

Perhaps this could be call Anonymous -- this enum almost role

[scottbommarito]

IMO None makes more sense because they have "no" permissions with the package

[scottbommarito]

Thought about it more and I agree that Anonymous is better

[joelverhagen]

How is the notion of UploadNewVersion captured? Is that out of scope for this particular PR?

[scottbommarito]

I think this should be renamed to UploadNewVersion. These permissions only affect existing packages.

[joelverhagen]

Aren't Upload and UploadNewVersion different permissions tho?

[scottbommarito]

Yes, but UploadNewId won't come into play until the user can choose the owner of the new package. These permissions are "I have this existing package, what can I do to it."

E.g. out of scope for this PR

[joelverhagen]

This is new for SiteAdmin right?

[scottbommarito]

Yes, good catch.

I thought it makes sense, but I'm fine removing the permission

[joelverhagen]

super nit: trailing , so that adding new permissions only effects on line (easier to read diff)

[scottbommarito]

done

[joelverhagen]

⌚️

[skofman1]

DisplayMyPackage isn't the best name here. Consider: DisplayHiddenPackage/DisplayPrivatePackage

[scottbommarito]

using DisplayPrivatePackage

[skofman1]

if (package.Owners.Any(owner => owner.Key == user.Key)) [](start = 10, length = 57)

This should be handled by the PackagePermissionsService . We will need to add Org logic here soon, so it doesn't make sense to have to logic here

[scottbommarito]

correct, didn't notice this

[scottbommarito]

upon looking over this case, this case shouldn't be handled by the PackagePermissionsService, because this is for adding a user as a co-owner

I didn't review the remainder of the code and did find some cases that used Owners.Any directly that should be using PackagePermissionsService however

[skofman1]

upon looking over this case, this case shouldn't be handled by the PackagePermissionsService, because this is for adding a user as a co-owner - we are handling co-ownership for packages, why shouldnt this be handled by PackagePermissionsService?

[scottbommarito]

yea i mean it didn't use HasPermission, but it uses GetPermissionLevels which used to be private

[skofman1]

This is not Permission, this is Action

[scottbommarito]

changed

[skofman1]

🕐

[ryuyu]

We should probably also use this to hide the Manage Package Owners button in the Manage Packages page for packages that users are collaborators on.
I don't think those use the _ListPackage.cshtml

[joelverhagen]

🥇 this is beautiful

[joelverhagen]

👍

[scottbommarito]

@ryuyu Manage Packages uses _UserPackagesList, which is handled by these changes

[skofman1]

UploadNewVersion is different then uploading a new package id?

[scottbommarito]

yes, these are all actions on an existing package or id

UploadNewId is a right on an organization or a reserved namespace, not an existing package.

[skofman1]

I don't see an "UploadNewId" Action here

[scottbommarito]

It will come in a future PR

[skofman1]

Delete [](start = 8, length = 6)

Delete is actually Unlist?

[scottbommarito]

Yes...the UI and API endpoints are named Delete. I can add comments

[skofman1]

IMO it's better to rename to Unlist, cause an SiteAdmin can actually do a Delete.

[scottbommarito]

renamed

[chenriksson]

PermissionLevel and PackageAction should be extracted into separate files.

[scottbommarito]

done

[chenriksson]

nit: why not just pass principal to the core GetPrincipalLevels. One less arg, and no need for allocating the lambda.

[scottbommarito]

Not sure what you mean exactly...are you suggesting UserMatchesPrincipal and UserMatchesUser should return a Func<User, bool>?

[chenriksson]

nit: why include anonymous? HasPermissions could just check, and return false immediately w/o linq.

[scottbommarito]

not possible because I wanted to separate the allowed actions from the permission levels

[scottbommarito]

correction: if we ever decide Anonymous users can do actions, such as ReportAbuse, they would need state here

[chenriksson]

Just saying if anonymous has no actions, no need for the extra allocations... in case this is on the fast path. For instance:

private static bool IsActionAllowed(IEnumerable<PermissionLevel> permissionLevels, PackageAction action)
{
    return permissionLevels != null && permissionLevels.Any(permissionLevel => _allowedActions[permissionLevel].Contains(action));
}
public static IEnumerable<PermissionLevel> GetPermissionLevels(IEnumerable<User> owners, IPrincipal principal)
{
    if (principal == null)
    {
        return null;
    }
    ...

[scottbommarito]

Ah, well I think I prefer it like this because
1 - it's easier to extend and add actions to anonymous if we decide we need to
2 - it matches the structure of the rest of the permission levels

[chenriksson]

nit: Is a static class really a service? Wondering if this class should be shortened to just PackagePermissions?

Also, 'Permissions' is redundant. Maybe 'PackagePermissionsService.HasPermissions(...)' could change to 'PackagePermissions.ActionAllowed(...)' or something.

[scottbommarito]

AFAIK it fits all the definitions of being a service, despite being a static class.

Will change to ActionAllowed

[chenriksson]

The GetPermissionLevels APIs seem like they should be private. The only use outside this class is a check if the user is the owner. Maybe you instead expose a single IsOwner API?

[scottbommarito]

I like them being public, because I think there's a pretty high likelihood we will use them to check other states besides IsOwner in the future.

[chenriksson]

Just a suggestion, but I think it opens up complexity to the callers that this service was intended for.

[skofman1]