/* * Copyright 2017 ThoughtWorks, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package cd.go.authorization.github; import cd.go.authorization.github.models.AuthConfig; import org.kohsuke.github.GHOrganization; import org.kohsuke.github.GHTeam; import org.kohsuke.github.GHUser; import org.kohsuke.github.GitHub; import java.io.IOException; import java.util.List; import java.util.Map; import static cd.go.authorization.github.GitHubPlugin.LOG; import static java.text.MessageFormat.format; public class MembershipChecker { private GitHubClientBuilder clientBuilder; public MembershipChecker() { this(new GitHubClientBuilder()); } MembershipChecker(GitHubClientBuilder clientBuilder) { this.clientBuilder = clientBuilder; } public boolean isAMemberOfAtLeastOneOrganization(GHUser ghUser, AuthConfig authConfig, List<String> organizationsAllowed) throws IOException { if (organizationsAllowed.isEmpty()) { LOG.debug("[MembershipChecker] No organizations provided."); return false; } return checkMembershipUsingPersonalAccessToken(ghUser, authConfig, organizationsAllowed); } private boolean checkMembershipUsingPersonalAccessToken(GHUser ghUser, AuthConfig authConfig, List<String> organizationsAllowed) throws IOException { final GitHub gitHubForPersonalAccessToken = clientBuilder.from(authConfig.gitHubConfiguration()); for (String organizationName : organizationsAllowed) { final GHOrganization organization = gitHubForPersonalAccessToken.getOrganization(organizationName); if (organization != null && organization.hasMember(ghUser)) { LOG.info(format("[MembershipChecker] User `{0}` is a member of `{1}` organization.", ghUser.getLogin(), organizationName)); return true; } } return false; } public boolean isAMemberOfAtLeastOneTeamOfOrganization(GHUser ghUser, AuthConfig authConfig, Map<String, List<String>> organizationAndTeamsAllowed) throws IOException { if (organizationAndTeamsAllowed.isEmpty()) { LOG.debug("[MembershipChecker] No teams provided."); return false; } return checkTeamMembershipUsingPersonalAccessToken(ghUser, authConfig, organizationAndTeamsAllowed); } private boolean checkTeamMembershipUsingPersonalAccessToken(GHUser ghUser, AuthConfig authConfig, Map<String, List<String>> organizationAndTeamsAllowed) throws IOException { final GitHub gitHubForPersonalAccessToken = clientBuilder.from(authConfig.gitHubConfiguration()); for (String organizationName : organizationAndTeamsAllowed.keySet()) { final GHOrganization organization = gitHubForPersonalAccessToken.getOrganization(organizationName); if (organization != null) { final List<String> allowedTeamsFromRole = organizationAndTeamsAllowed.get(organizationName); final Map<String, GHTeam> teamsFromGitHub = organization.getTeams(); for (GHTeam team : teamsFromGitHub.values()) { if (allowedTeamsFromRole.contains(team.getName().toLowerCase()) && team.hasMember(ghUser)) { LOG.info(format("[MembershipChecker] User `{0}` is a member of `{1}` team.", ghUser.getLogin(), team.getName())); return true; } } } } return false; } }