[AC-1330] [AC-1815] [Server] Deprecate access control indicator - UserCipherDetails (#3372)

* Create UserCipherDetails_v2 and update logic to remove AccessAll * Create v2 variants of all sprocs that rely on it * Add feature flag logic to call old or new sproc * Make equivalent changes to EF queries
2025-07-07 10:55:43 -05:00 · 2023-11-28 11:14:33 +10:00
parent b062ab8043
commit 12667dbb3f
22 changed files with 904 additions and 107 deletions
--- a/src/Core/Auth/Services/Implementations/EmergencyAccessService.cs
+++ b/src/Core/Auth/Services/Implementations/EmergencyAccessService.cs
@ -5,6 +5,7 @@ using Bit.Core.Auth.Enums;
 using Bit.Core.Auth.Models;
 using Bit.Core.Auth.Models.Business.Tokenables;
 using Bit.Core.Auth.Models.Data;
+using Bit.Core.Context;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
@ -33,6 +34,11 @@ public class EmergencyAccessService : IEmergencyAccessService
    private readonly IPasswordHasher<User> _passwordHasher;
    private readonly IOrganizationService _organizationService;
    private readonly IDataProtectorTokenFactory<EmergencyAccessInviteTokenable> _dataProtectorTokenizer;
+    private readonly ICurrentContext _currentContext;
+    private readonly IFeatureService _featureService;
+
+    private bool UseFlexibleCollections =>
+        _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollections, _currentContext);

    public EmergencyAccessService(
        IEmergencyAccessRepository emergencyAccessRepository,
@ -46,7 +52,9 @@ public class EmergencyAccessService : IEmergencyAccessService
        IPasswordHasher<User> passwordHasher,
        GlobalSettings globalSettings,
        IOrganizationService organizationService,
-        IDataProtectorTokenFactory<EmergencyAccessInviteTokenable> dataProtectorTokenizer)
+        IDataProtectorTokenFactory<EmergencyAccessInviteTokenable> dataProtectorTokenizer,
+        ICurrentContext currentContext,
+        IFeatureService featureService)
    {
        _emergencyAccessRepository = emergencyAccessRepository;
        _organizationUserRepository = organizationUserRepository;
@ -60,6 +68,8 @@ public class EmergencyAccessService : IEmergencyAccessService
        _globalSettings = globalSettings;
        _organizationService = organizationService;
        _dataProtectorTokenizer = dataProtectorTokenizer;
+        _currentContext = currentContext;
+        _featureService = featureService;
    }

    public async Task<EmergencyAccess> InviteAsync(User invitingUser, string email, EmergencyAccessType type, int waitTime)
@ -387,7 +397,7 @@ public class EmergencyAccessService : IEmergencyAccessService
            throw new BadRequestException("Emergency Access not valid.");
        }

-        var ciphers = await _cipherRepository.GetManyByUserIdAsync(emergencyAccess.GrantorId, false);
+        var ciphers = await _cipherRepository.GetManyByUserIdAsync(emergencyAccess.GrantorId, useFlexibleCollections: UseFlexibleCollections, withOrganizations: false);

        return new EmergencyAccessViewData
        {
@ -405,7 +415,7 @@ public class EmergencyAccessService : IEmergencyAccessService
            throw new BadRequestException("Emergency Access not valid.");
        }

-        var cipher = await _cipherRepository.GetByIdAsync(cipherId, emergencyAccess.GrantorId);
+        var cipher = await _cipherRepository.GetByIdAsync(cipherId, emergencyAccess.GrantorId, UseFlexibleCollections);
        return await _cipherService.GetAttachmentDownloadDataAsync(cipher, attachmentId);
    }