mirror of https://github.com/bitwarden/server.git synced 2025-07-01 16:12:49 -05:00

[AC-1139] Addressing PR suggestions

Rui Tome
2023-10-31 16:35:01 +00:00
parent b2e4a39ef0
commit 080d1088c4
4 changed files with 12 additions and 46 deletions


@ -116,10 +116,7 @@ public class BulkCollectionAuthorizationHandler : BulkAuthorizationHandler<Colle
await _currentContext.ProviderUserForOrgAsync(org.Id)) await _currentContext.ProviderUserForOrgAsync(org.Id))
{ {
context.Succeed(requirement); context.Succeed(requirement);
return;
} }
context.Fail();
} }
private async Task CanReadAsync(AuthorizationHandlerContext context, CollectionOperationRequirement requirement, private async Task CanReadAsync(AuthorizationHandlerContext context, CollectionOperationRequirement requirement,
@ -132,15 +129,11 @@ public class BulkCollectionAuthorizationHandler : BulkAuthorizationHandler<Colle
return; return;
} }
var canManageCollections = await CanManageCollectionsAsync(targetCollections, org, requireManagePermission: false); var canManageCollections = await HasCollectionAccessAsync(targetCollections, org, requireManagePermission: false);
if (canManageCollections) if (canManageCollections)
{ {
context.Succeed(requirement); context.Succeed(requirement);
} }
else
{
context.Fail();
}
} }
private async Task CanDeleteAsync(AuthorizationHandlerContext context, CollectionOperationRequirement requirement, private async Task CanDeleteAsync(AuthorizationHandlerContext context, CollectionOperationRequirement requirement,
@ -163,15 +156,11 @@ public class BulkCollectionAuthorizationHandler : BulkAuthorizationHandler<Colle
return; return;
} }
var canManageCollections = await CanManageCollectionsAsync(targetCollections, org, requireManagePermission: true); var canManageCollections = await HasCollectionAccessAsync(targetCollections, org, requireManagePermission: true);
if (canManageCollections) if (canManageCollections)
{ {
context.Succeed(requirement); context.Succeed(requirement);
} }
else
{
context.Fail();
}
} }
/// <summary> /// <summary>
@ -190,18 +179,14 @@ public class BulkCollectionAuthorizationHandler : BulkAuthorizationHandler<Colle
return; return;
} }
var canManageCollections = await CanManageCollectionsAsync(targetCollections, org, requireManagePermission: true); var canManageCollections = await HasCollectionAccessAsync(targetCollections, org, requireManagePermission: true);
if (canManageCollections) if (canManageCollections)
{ {
context.Succeed(requirement); context.Succeed(requirement);
} }
else
{
context.Fail();
}
} }
private async Task<bool> CanManageCollectionsAsync( private async Task<bool> HasCollectionAccessAsync(
ICollection<Collection> targetCollections, ICollection<Collection> targetCollections,
CurrentContextOrganization org, CurrentContextOrganization org,
bool requireManagePermission) bool requireManagePermission)
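Review bot: With `context.Fail();` removed from the first hunk and from the `else` branches after `HasCollectionAccessAsync(...)`, a denial in this handler is no longer a veto: the request is rejected only if no other handler registered for the same requirement calls `Succeed`. That matches the usual ASP.NET Core guidance, but it changes authorization semantics, so confirm that every handler for this requirement applies the same organization and permission checks, and record the intent where the outcome is decided, e.g. `// No Fail() here: access is denied unless a handler calls Succeed()`. The methods touched here start outside the hunks. As a smaller point, the local is still named `canManageCollections` although the helper is now `HasCollectionAccessAsync` and the read path passes `requireManagePermission: false`; `hasAccess` would read more accurately.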


@ -35,20 +35,12 @@ public class CollectionAuthorizationHandler : AuthorizationHandler<CollectionOpe
throw new FeatureUnavailableException("Flexible collections is OFF when it should be ON."); throw new FeatureUnavailableException("Flexible collections is OFF when it should be ON.");
} }
if (!_currentContext.UserId.HasValue) if (!_currentContext.UserId.HasValue || requirement.OrganizationId == default)
{ {
context.Fail();
return; return;
} }
var targetOrganizationId = requirement.OrganizationId; var org = _currentContext.GetOrganization(requirement.OrganizationId);
if (targetOrganizationId == default)
{
context.Fail();
return;
}
var org = _currentContext.GetOrganization(targetOrganizationId);
switch (requirement) switch (requirement)
{ {
@ -79,18 +71,12 @@ public class CollectionAuthorizationHandler : AuthorizationHandler<CollectionOpe
return; return;
} }
} }
else
{
// Check if acting user is a provider user for the target organization // Check if acting user is a provider user for the target organization
if (await _currentContext.ProviderUserForOrgAsync(requirement.OrganizationId)) if (await _currentContext.ProviderUserForOrgAsync(requirement.OrganizationId))
{ {
context.Succeed(requirement); context.Succeed(requirement);
return;
} }
}
// Acting user is neither a member of the target organization or a provider user, fail
context.Fail();
} }
private async Task CanReadAllWithAccessAsync(AuthorizationHandlerContext context, CollectionOperationRequirement requirement, private async Task CanReadAllWithAccessAsync(AuthorizationHandlerContext context, CollectionOperationRequirement requirement,
@ -109,17 +95,12 @@ public class CollectionAuthorizationHandler : AuthorizationHandler<CollectionOpe
return; return;
} }
} }
else
{
// Check if acting user is a provider user for the target organization // Check if acting user is a provider user for the target organization
if (await _currentContext.ProviderUserForOrgAsync(requirement.OrganizationId)) if (await _currentContext.ProviderUserForOrgAsync(requirement.OrganizationId))
{ {
context.Succeed(requirement); context.Succeed(requirement);
return;
} }
}
// Acting user is neither a member of the target organization or a provider user, fail
context.Fail();
} }
} }
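Review bot: Dropping the `else` around the provider check in the second and third hunks appears to widen who reaches `ProviderUserForOrgAsync`: previously only callers without an organization membership fell through to it, whereas now any caller who did not succeed in the block above does, apparently including members who lack the required permission. The opening of that block is outside the hunks, so this is inferred from the brace structure. If the wider path is intended, state it in the comment, e.g. `// Provider users are checked whenever the checks above did not succeed, including for organization members`, and add a test for a member without the permission who is also a provider user. The guard in the first hunk likewise now returns without `context.Fail()`, so a missing user id or organization id is denied only as long as no other handler for the requirement succeeds.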


@ -216,7 +216,7 @@ public class BulkCollectionAuthorizationHandlerTests
sutProvider.GetDependency<ICollectionRepository>().GetManyByUserIdAsync(actingUserId).Returns(collectionDetails); sutProvider.GetDependency<ICollectionRepository>().GetManyByUserIdAsync(actingUserId).Returns(collectionDetails);
await sutProvider.Sut.HandleAsync(context); await sutProvider.Sut.HandleAsync(context);
Assert.True(context.HasFailed); Assert.False(context.HasSucceeded);
sutProvider.GetDependency<ICurrentContext>().ReceivedWithAnyArgs().GetOrganization(default); sutProvider.GetDependency<ICurrentContext>().ReceivedWithAnyArgs().GetOrganization(default);
await sutProvider.GetDependency<ICollectionRepository>().ReceivedWithAnyArgs() await sutProvider.GetDependency<ICollectionRepository>().ReceivedWithAnyArgs()
.GetManyByUserIdAsync(default); .GetManyByUserIdAsync(default);


@ -55,7 +55,7 @@ public class CollectionAuthorizationHandlerTests
await sutProvider.Sut.HandleAsync(context); await sutProvider.Sut.HandleAsync(context);
Assert.True(expectedSuccess ? context.HasSucceeded : context.HasFailed); Assert.Equal(expectedSuccess, context.HasSucceeded);
} }
[Theory, BitAutoData] [Theory, BitAutoData]
@ -95,7 +95,7 @@ public class CollectionAuthorizationHandlerTests
sutProvider.GetDependency<ICurrentContext>().UserId.Returns((Guid?)null); sutProvider.GetDependency<ICurrentContext>().UserId.Returns((Guid?)null);
await sutProvider.Sut.HandleAsync(context); await sutProvider.Sut.HandleAsync(context);
Assert.True(context.HasFailed); Assert.False(context.HasSucceeded);
} }
[Theory, BitAutoData] [Theory, BitAutoData]
@ -114,6 +114,6 @@ public class CollectionAuthorizationHandlerTests
sutProvider.GetDependency<ICurrentContext>().GetOrganization(Arg.Any<Guid>()).Returns((CurrentContextOrganization)null); sutProvider.GetDependency<ICurrentContext>().GetOrganization(Arg.Any<Guid>()).Returns((CurrentContextOrganization)null);
await sutProvider.Sut.HandleAsync(context); await sutProvider.Sut.HandleAsync(context);
Assert.True(context.HasFailed); Assert.False(context.HasSucceeded);
} }
} }
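Review bot: `Assert.False(context.HasSucceeded)` in the last two hunks is already true for a freshly created context, so these negative tests would still pass if the handler never reached the branch they are meant to cover. In the null `UserId` test the early return could be pinned with `sutProvider.GetDependency<ICurrentContext>().DidNotReceiveWithAnyArgs().GetOrganization(default);`, and the null-organization test could assert that `ProviderUserForOrgAsync` was consulted. The test methods start outside the hunks, so existing arrangements may already cover part of this.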