Extract single-org policy check to OrganizationService (#1410)

2025-07-01 16:12:49 -05:00 · 2021-06-30 09:21:41 +02:00
parent 59c2dcf218
commit 08f508f536
2 changed files with 22 additions and 27 deletions
--- a/src/Core/Services/Implementations/OrganizationService.cs
+++ b/src/Core/Services/Implementations/OrganizationService.cs
@ -557,6 +557,7 @@ namespace Bit.Core.Services
                throw new BadRequestException("Plan not found.");
            }

+            await ValidateSignUpPoliciesAsync(signup.Owner.Id);
            ValidateOrganizationUpgradeParameters(plan, signup);

            var organization = new Organization
@ -622,6 +623,24 @@ namespace Bit.Core.Services
            return returnValue;
        }

+        private async Task ValidateSignUpPoliciesAsync(Guid ownerId)
+        {
+            var policies = await _policyRepository.GetManyByUserIdAsync(ownerId);
+            var orgUsers = await _organizationUserRepository.GetManyByUserAsync(ownerId);
+
+            var orgsWithSingleOrgPolicy = policies.Where(p => p.Enabled && p.Type == PolicyType.SingleOrg)
+                .Select(p => p.OrganizationId);
+            var blockedBySingleOrgPolicy = orgUsers.Any(ou => ou is {Type: OrganizationUserType.Owner} &&
+                                                              ou.Type != OrganizationUserType.Admin &&
+                                                              ou.Status != OrganizationUserStatusType.Invited &&
+                                                              orgsWithSingleOrgPolicy.Contains(ou.OrganizationId));
+            if (blockedBySingleOrgPolicy)
+            {
+                throw new BadRequestException("You may not create an organization. You belong to an organization " +
+                    "which has a policy that prohibits you from being a member of any other organization.");
+            }
+        }
+
        public async Task<Tuple<Organization, OrganizationUser>> SignUpAsync(
            OrganizationLicense license, User owner, string ownerKey, string collectionName, string publicKey,
            string privateKey)
@ -649,6 +668,8 @@ namespace Bit.Core.Services
                throw new BadRequestException("License is already in use by another organization.");
            }

+            await ValidateSignUpPoliciesAsync(owner.Id);
+
            var organization = new Organization
            {
                Name = license.Name,