nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-05-22 12:04:27 -05:00
Code

Enforce Personal Ownership policy when importing (#1565)

Browse Source
This commit is contained in:
Thomas Rittson 2021-09-08 07:20:05 +10:00 committed by GitHub
parent 18adbc9c74
commit 01f0b6184f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 24 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
src/Core/Services/Implementations/CipherService.cs
View File

@ -686,6 +686,30 @@ namespace Bit.Core.Services
List<CipherDetails> ciphers, List<CipherDetails> ciphers,
IEnumerable<KeyValuePair<int, int>> folderRelationships) IEnumerable<KeyValuePair<int, int>> folderRelationships)
{ {
var userId = folders.FirstOrDefault()?.UserId ?? ciphers.FirstOrDefault()?.UserId;
// Check user is allowed to import to personal vault
if (userId.HasValue)
{
var policies = await _policyRepository.GetManyByUserIdAsync(userId.Value);
var allOrgUsers = await _organizationUserRepository.GetManyByUserAsync(userId.Value);
var orgsWithBlockingPolicy = policies
.Where(p => p.Enabled && p.Type == PolicyType.PersonalOwnership)
.Select(p => p.OrganizationId);
var blockedByPolicy = allOrgUsers.Any(ou =>
ou.Type != OrganizationUserType.Owner &&
ou.Type != OrganizationUserType.Admin &&
ou.Status != OrganizationUserStatusType.Invited &&
orgsWithBlockingPolicy.Contains(ou.OrganizationId));
if (blockedByPolicy)
{
throw new BadRequestException("You cannot import items into your personal vault because you are " +
"a member of an organization which forbids it.");
}
}
foreach (var cipher in ciphers) foreach (var cipher in ciphers)
{ {
cipher.SetNewId(); cipher.SetNewId();
@ -721,7 +745,6 @@ namespace Bit.Core.Services
await _cipherRepository.CreateAsync(ciphers, folders); await _cipherRepository.CreateAsync(ciphers, folders);
// push // push
var userId = folders.FirstOrDefault()?.UserId ?? ciphers.FirstOrDefault()?.UserId;
if (userId.HasValue) if (userId.HasValue)
{ {
await _pushService.PushSyncVaultAsync(userId.Value); await _pushService.PushSyncVaultAsync(userId.Value);