From 03cbc7983b87c74746b94f7d339e32026c84c683 Mon Sep 17 00:00:00 2001
From: Daniel James Smith <2670567+djsmith85@users.noreply.github.com>
Date: Tue, 9 Jan 2024 22:32:14 +0100
Subject: [PATCH] [PM-2730] Add missing hide-passwords permission to api models (#3125)
* Add missing hide-passwords permission to api models
* Update src/Api/Auth/Models/Public/AssociationWithPermissionsBaseModel.cs
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* Rename ToSelectionReadOnly to ToCollectionAccessSelection
* Remove Required attribute which would break backwards compatability
* Update src/Api/Auth/Models/Public/Request/AssociationWithPermissionsRequestModel.cs
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
---------
Co-authored-by: Daniel James Smith
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
---
 src/Api/AdminConsole/Public/Controllers/GroupsController.cs | 4 ++--
 src/Api/AdminConsole/Public/Controllers/MembersController.cs | 4 ++--
 .../Public/Models/AssociationWithPermissionsBaseModel.cs | 5 +++++
 .../Models/Request/AssociationWithPermissionsRequestModel.cs | 5 +++--
 .../Response/AssociationWithPermissionsResponseModel.cs | 1 +
 src/Api/Public/Controllers/CollectionsController.cs | 2 +-
 6 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/src/Api/AdminConsole/Public/Controllers/GroupsController.cs b/src/Api/AdminConsole/Public/Controllers/GroupsController.cs
index 01c38a084f..4113014ac3 100644
--- a/src/Api/AdminConsole/Public/Controllers/GroupsController.cs
+++ b/src/Api/AdminConsole/Public/Controllers/GroupsController.cs
@@ -110,7 +110,7 @@ public class GroupsController : Controller
 public async Task Post([FromBody] GroupCreateUpdateRequestModel model)
 {
 var group = model.ToGroup(_currentContext.OrganizationId.Value);
- var associations = model.Collections?.Select(c => c.ToSelectionReadOnly());
+ var associations = model.Collections?.Select(c => c.ToCollectionAccessSelection());
 var organization = await _organizationRepository.GetByIdAsync(_currentContext.OrganizationId.Value);
 await _createGroupCommand.CreateGroupAsync(group, organization, associations);
 var response = new GroupResponseModel(group, associations);
@@ -139,7 +139,7 @@ public class GroupsController : Controller
 }
 var updatedGroup = model.ToGroup(existingGroup);
- var associations = model.Collections?.Select(c => c.ToSelectionReadOnly());
+ var associations = model.Collections?.Select(c => c.ToCollectionAccessSelection());
 var organization = await _organizationRepository.GetByIdAsync(_currentContext.OrganizationId.Value);
 await _updateGroupCommand.UpdateGroupAsync(updatedGroup, organization, associations);
 var response = new GroupResponseModel(updatedGroup, associations);
diff --git a/src/Api/AdminConsole/Public/Controllers/MembersController.cs b/src/Api/AdminConsole/Public/Controllers/MembersController.cs
index 9c862f5202..3fde19faa7 100644
--- a/src/Api/AdminConsole/Public/Controllers/MembersController.cs
+++ b/src/Api/AdminConsole/Public/Controllers/MembersController.cs
@@ -119,7 +119,7 @@ public class MembersController : Controller
 [ProducesResponseType(typeof(ErrorResponseModel), (int)HttpStatusCode.BadRequest)]
 public async Task Post([FromBody] MemberCreateRequestModel model)
 {
- var associations = model.Collections?.Select(c => c.ToSelectionReadOnly());
+ var associations = model.Collections?.Select(c => c.ToCollectionAccessSelection());
 var invite = new OrganizationUserInvite
 {
 Emails = new List { model.Email },
@@ -154,7 +154,7 @@ public class MembersController : Controller
 return new NotFoundResult();
 }
 var updatedUser = model.ToOrganizationUser(existingUser);
- var associations = model.Collections?.Select(c => c.ToSelectionReadOnly());
+ var associations = model.Collections?.Select(c => c.ToCollectionAccessSelection());
 await _organizationService.SaveUserAsync(updatedUser, null, associations, model.Groups);
 MemberResponseModel response = null;
 if (existingUser.UserId.HasValue)
diff --git a/src/Api/AdminConsole/Public/Models/AssociationWithPermissionsBaseModel.cs b/src/Api/AdminConsole/Public/Models/AssociationWithPermissionsBaseModel.cs
index 9ccc17915d..4e24d2462f 100644
--- a/src/Api/AdminConsole/Public/Models/AssociationWithPermissionsBaseModel.cs
+++ b/src/Api/AdminConsole/Public/Models/AssociationWithPermissionsBaseModel.cs
@@ -15,4 +15,9 @@ public abstract class AssociationWithPermissionsBaseModel
 ///
 [Required]
 public bool? ReadOnly { get; set; }
+ ///
+ /// When true, the hide passwords permission will not allow the user or group to view passwords.
+ /// This prevents easy copy-and-paste of hidden items, however it may not completely prevent user access.
+ ///
+ public bool? HidePasswords { get; set; }
 }
diff --git a/src/Api/AdminConsole/Public/Models/Request/AssociationWithPermissionsRequestModel.cs b/src/Api/AdminConsole/Public/Models/Request/AssociationWithPermissionsRequestModel.cs
index a367e8d4e6..fcf5a68ba2 100644
--- a/src/Api/AdminConsole/Public/Models/Request/AssociationWithPermissionsRequestModel.cs
+++ b/src/Api/AdminConsole/Public/Models/Request/AssociationWithPermissionsRequestModel.cs
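Review bot: The doc comment added for `HidePasswords` in AssociationWithPermissionsBaseModel does not say what an omitted value means, even though the property is nullable and, unlike `ReadOnly` directly above it, carries no `[Required]`. The request model later in this patch converts it with `HidePasswords.GetValueOrDefault()`, so a missing field is treated as false. API consumers should be told that in the summary, for example `/// Optional; when omitted from a request it is treated as false (passwords are not hidden).` The class declaration starts outside this hunk.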
@@ -4,12 +4,13 @@ namespace Bit.Api.AdminConsole.Public.Models.Request;
 public class AssociationWithPermissionsRequestModel : AssociationWithPermissionsBaseModel
 {
- public CollectionAccessSelection ToSelectionReadOnly()
+ public CollectionAccessSelection ToCollectionAccessSelection()
 {
 return new CollectionAccessSelection
 {
 Id = Id.Value,
- ReadOnly = ReadOnly.Value
+ ReadOnly = ReadOnly.Value,
+ HidePasswords = HidePasswords.GetValueOrDefault()
 };
 }
 }
diff --git a/src/Api/AdminConsole/Public/Models/Response/AssociationWithPermissionsResponseModel.cs b/src/Api/AdminConsole/Public/Models/Response/AssociationWithPermissionsResponseModel.cs
index 08d9e36d45..798234e7a6 100644
--- a/src/Api/AdminConsole/Public/Models/Response/AssociationWithPermissionsResponseModel.cs
+++ b/src/Api/AdminConsole/Public/Models/Response/AssociationWithPermissionsResponseModel.cs
@@ -12,5 +12,6 @@ public class AssociationWithPermissionsResponseModel : AssociationWithPermission
 }
 Id = selection.Id;
 ReadOnly = selection.ReadOnly;
+ HidePasswords = selection.HidePasswords;
 }
 }
diff --git a/src/Api/Public/Controllers/CollectionsController.cs b/src/Api/Public/Controllers/CollectionsController.cs
index f2a745862c..97f082cb8a 100644
--- a/src/Api/Public/Controllers/CollectionsController.cs
+++ b/src/Api/Public/Controllers/CollectionsController.cs
@@ -89,7 +89,7 @@ public class CollectionsController : Controller
 return new NotFoundResult();
 }
 var updatedCollection = model.ToCollection(existingCollection);
- var associations = model.Groups?.Select(c => c.ToSelectionReadOnly());
+ var associations = model.Groups?.Select(c => c.ToCollectionAccessSelection());
 await _collectionService.SaveAsync(updatedCollection, associations);
 var response = new CollectionResponseModel(updatedCollection, associations);
 return new JsonResult(response);
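Review bot: In `ToCollectionAccessSelection()` of AssociationWithPermissionsRequestModel, `HidePasswords.GetValueOrDefault()` maps a missing field to false, which is the less restrictive value. The update paths touched in this patch (group, member and collection updates) hand the resulting selections to their save calls, so a client that predates this field and resubmits an association would presumably clear a hide-passwords restriction set elsewhere; confirm this against how those save methods treat existing rows. Since `[Required]` was dropped on purpose for compatibility, the default should at least be stated where it is applied, e.g. `// Omitted HidePasswords => false (not hidden); kept optional so older API clients keep working.`, and the public API documentation should tell integrators to send the field on every update.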