Add new admin panel for limiting operations allowed by some users (#8949)

See NuGet/Engineering#4213 for more information

Author: joelverhagen

src/NuGet.Services.Entities/User.cs

@@ -120,6 +120,10 @@ public bool Confirmed
 
         public int FailedLoginCount { get; set; }
 
+        public UserStatus UserStatusKey { get; set; }
+
+        public bool IsLocked => UserStatusKey == UserStatus.Locked;
+
         public string LastSavedEmailAddress
         {
             get

src/NuGet.Services.Entities/UserStatus.cs

@@ -0,0 +1,22 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace NuGet.Services.Entities
+{
+    public enum UserStatus
+    {
+        /// <summary>
+        /// The user is active and can perform all user operations. This does not consider additional requirements based on
+        /// <see cref="User.Confirmed"/>, <see cref="User.FailedLoginCount"/>, or <see cref="User.IsDeleted"/>.
+        /// </summary>
+        Unlocked = 0,
+
+        // enum value 1 is intentionally unused to allow future use for a "Deleted" status, to align with the
+        // PackageStatus enum.
+
+        /// <summary>
+        /// The user is locked and is restricted from performing some operations.
+        /// </summary>
+        Locked = 2,
+    }
+}

src/NuGetGallery.Core/Auditing/AuditedPackageAction.cs

@@ -19,6 +19,6 @@ public enum AuditedPackageAction
         SymbolsCreate,
         SymbolsDelete,
         Deprecate,
-        Undeprecate
+        Undeprecate,
     }
 }

src/NuGetGallery.Core/Auditing/AuditedPackageRegistrationAction.cs

@@ -12,5 +12,7 @@ public enum AuditedPackageRegistrationAction
         SetRequiredSigner,
         AddOwnershipRequest,
         DeleteOwnershipRequest,
+        Lock,
+        Unlock,
     }
 }

src/NuGetGallery.Core/Auditing/AuditedUserAction.cs

@@ -26,5 +26,7 @@ public enum AuditedUserAction
         EnabledMultiFactorAuthentication,
         DisabledMultiFactorAuthentication,
         ExternalLoginAttempt,
+        Lock,
+        Unlock,
     }
 }

src/NuGetGallery.Services/Authentication/ApiScopeEvaluationResult.cs

@@ -28,6 +28,7 @@ public class ApiScopeEvaluationResult
         public User Owner { get; }
 
         public bool IsOwnerConfirmed => Owner != null && Owner.Confirmed;
+        public bool IsOwnerLocked => Owner != null && Owner.IsLocked;
 
         public ApiScopeEvaluationResult(User owner, PermissionsCheckResult permissionsCheckResult, bool scopesAreValid)
         {
@@ -42,7 +43,10 @@ public ApiScopeEvaluationResult(User owner, PermissionsCheckResult permissionsCh
         /// </summary>
         public bool IsSuccessful()
         {
-            return ScopesAreValid && PermissionsCheckResult == PermissionsCheckResult.Allowed && IsOwnerConfirmed;
+            return ScopesAreValid
+                && PermissionsCheckResult == PermissionsCheckResult.Allowed
+                && IsOwnerConfirmed
+                && !IsOwnerLocked;
         }
     }
 }

src/NuGetGallery.Services/ServicesStrings.Designer.cs

@@ -1130,4 +1130,13 @@ The {1} Team</value>
   <data name="NuGetPackageDuplicateDependencyGroup" xml:space="preserve">
     <value>A nuget package may not contain multiple dependency groups with the same target framework.</value>
   </data>
+  <data name="UserAccountIsLocked" xml:space="preserve">
+    <value>Your user account is locked. Please contact [email protected].</value>
+  </data>
+  <data name="SpecificAccountIsLocked" xml:space="preserve">
+    <value>Account '{0}' is locked. Please contact [email protected].</value>
+  </data>
+  <data name="TransformAccount_AccountIsLocked" xml:space="preserve">
+    <value>Account '{0}' is locked and cannot be transformed to an organization. Please contact [email protected].</value>
+  </data>
 </root>

src/NuGetGallery.Services/ServicesStrings.resx

@@ -400,6 +400,11 @@ public async Task ChangeEmailAddress(User user, string newEmailAddress)
                 throw new EntityException(ServicesStrings.EmailAddressBeingUsed, newEmailAddress);
             }
 
+            if (user.IsLocked)
+            {
+                throw new EntityException(String.Format(CultureInfo.CurrentCulture, ServicesStrings.SpecificAccountIsLocked, user.Username));
+            }
+
             await Auditing.SaveAuditRecordAsync(new UserAuditRecord(user, AuditedUserAction.ChangeEmail, newEmailAddress));
 
             user.UpdateUnconfirmedEmailAddress(newEmailAddress, Crypto.GenerateToken);
@@ -499,6 +504,11 @@ public bool CanTransformUserToOrganization(User accountToTransform, out string e
                 errorReason = String.Format(CultureInfo.CurrentCulture,
                     ServicesStrings.TransformAccount_AccountNotConfirmed, accountToTransform.Username);
             }
+            else if (accountToTransform.IsLocked)
+            {
+                errorReason = String.Format(CultureInfo.CurrentCulture,
+                    ServicesStrings.TransformAccount_AccountIsLocked, accountToTransform.Username);
+            }
             else if (accountToTransform is Organization)
             {
                 errorReason = String.Format(CultureInfo.CurrentCulture,
@@ -574,6 +584,11 @@ public async Task<Organization> AddOrganizationAsync(string username, string ema
                 }
             }
 
+            if (adminUser.IsLocked)
+            {
+                throw new EntityException(ServicesStrings.UserAccountIsLocked);
+            }
+
             var organization = new Organization(username)
             {
                 EmailAllowed = true,

src/NuGetGallery.Services/UserManagement/UserService.cs

@@ -9,24 +9,29 @@
 using System.Web.Mvc;
 using NuGet.Services.Entities;
 using NuGetGallery.Areas.Admin.ViewModels;
+using NuGetGallery.Auditing;
 
 namespace NuGetGallery.Areas.Admin.Controllers
 {
     public class LockPackageController : AdminControllerBase
     {
-        private IEntityRepository<PackageRegistration> _packageRegistrationRepository;
+        private readonly IEntityRepository<PackageRegistration> _packageRegistrationRepository;
+        private readonly IAuditingService _auditingService;
 
-        public LockPackageController(IEntityRepository<PackageRegistration> packageRegistrationRepository)
+        public LockPackageController(
+            IEntityRepository<PackageRegistration> packageRegistrationRepository,
+            IAuditingService auditingService)
         {
             _packageRegistrationRepository = packageRegistrationRepository ?? throw new ArgumentNullException(nameof(packageRegistrationRepository));
+            _auditingService = auditingService ?? throw new ArgumentNullException(nameof(auditingService));
         }
 
         [HttpGet]
         public virtual ActionResult Index()
         {
             var model = new LockPackageViewModel();
 
-            return View(model);
+            return View("LockIndex", model);
         }
 
         [HttpGet]
@@ -35,25 +40,30 @@ public virtual ActionResult Search(string query)
             var lines = Helpers.ParseQueryToLines(query);
             var packageRegistrations = GetPackageRegistrationsForIds(lines);
 
-            return View(nameof(Index), new LockPackageViewModel()
+            return View("LockIndex", new LockPackageViewModel
             {
                 Query = query,
-                PackageLockStates = packageRegistrations.Select(x => new PackageLockState() { Id = x.Id, IsLocked = x.IsLocked }).ToList()
+                LockStates = packageRegistrations
+                    .Select(x => new LockState { Identifier = x.Id, IsLocked = x.IsLocked })
+                    .ToList()
             });
         }
 
         [HttpPost]
         [ValidateAntiForgeryToken]
-        public async Task<ActionResult> Update(LockPackageViewModel lockPackageViewModel)
+        public async Task<ActionResult> Update(LockPackageViewModel viewModel)
         {
-            int counter = 0;
+            var counter = 0;
+            viewModel = viewModel ?? new LockPackageViewModel();
 
-            if (lockPackageViewModel != null && lockPackageViewModel.PackageLockStates != null)
+            if (viewModel.LockStates != null)
             {
-                var packageIdsFromRequest = lockPackageViewModel.PackageLockStates.Select(x => x.Id).ToList();
+                var packageIdsFromRequest = viewModel.LockStates.Select(x => x.Identifier).ToList();
                 var packageRegistrationsFromDb = GetPackageRegistrationsForIds(packageIdsFromRequest);
 
-                var packageStatesFromRequestDictionary = lockPackageViewModel.PackageLockStates.ToDictionary(x => x.Id);
+                var packageStatesFromRequestDictionary = viewModel
+                    .LockStates
+                    .ToDictionary(x => x.Identifier, StringComparer.OrdinalIgnoreCase);
 
                 foreach (var packageRegistration in packageRegistrationsFromDb)
                 {
@@ -63,6 +73,10 @@ public async Task<ActionResult> Update(LockPackageViewModel lockPackageViewModel
                         {
                             packageRegistration.IsLocked = packageStateRequest.IsLocked;
                             counter++;
+                            await _auditingService.SaveAuditRecordAsync(new PackageRegistrationAuditRecord(
+                                packageRegistration,
+                                packageStateRequest.IsLocked ? AuditedPackageRegistrationAction.Lock : AuditedPackageRegistrationAction.Unlock,
+                                owner: null));
                         }
                     }
                 }
@@ -75,7 +89,7 @@ public async Task<ActionResult> Update(LockPackageViewModel lockPackageViewModel
 
             TempData["Message"] = string.Format(CultureInfo.InvariantCulture, $"Lock state was updated for {counter} packages.");
 
-            return View(nameof(Index), lockPackageViewModel);
+            return View("LockIndex", viewModel);
         }
 
         private IList<PackageRegistration> GetPackageRegistrationsForIds(IReadOnlyList<string> ids)