[AC-1330] [AC-1815] [Server] Deprecate access control indicator - UserCipherDetails (#3372)

* Create UserCipherDetails_v2 and update logic to remove AccessAll * Create v2 variants of all sprocs that rely on it * Add feature flag logic to call old or new sproc * Make equivalent changes to EF queries
2025-07-02 16:42:50 -05:00 · 2023-11-28 11:14:33 +10:00
parent b062ab8043
commit 12667dbb3f
22 changed files with 904 additions and 107 deletions
--- a/src/Infrastructure.EntityFramework/Repositories/Queries/UserCipherDetailsQuery.cs
+++ b/src/Infrastructure.EntityFramework/Repositories/Queries/UserCipherDetailsQuery.cs
@ -8,11 +8,21 @@ namespace Bit.Infrastructure.EntityFramework.Repositories.Queries;
 public class UserCipherDetailsQuery : IQuery<CipherDetails>
 {
    private readonly Guid? _userId;
-    public UserCipherDetailsQuery(Guid? userId)
+    private readonly bool _useFlexibleCollections;
+    public UserCipherDetailsQuery(Guid? userId, bool useFlexibleCollections)
    {
        _userId = userId;
+        _useFlexibleCollections = useFlexibleCollections;
    }
+
    public virtual IQueryable<CipherDetails> Run(DatabaseContext dbContext)
+    {
+        return _useFlexibleCollections
+            ? Run_VNext(dbContext)
+            : Run_VCurrent(dbContext);
+    }
+
+    private IQueryable<CipherDetails> Run_VCurrent(DatabaseContext dbContext)
    {
        var query = from c in dbContext.Ciphers

@ -78,6 +88,71 @@ public class UserCipherDetailsQuery : IQuery<CipherDetails>
        return union;
    }

+    private IQueryable<CipherDetails> Run_VNext(DatabaseContext dbContext)
+    {
+        var query = from c in dbContext.Ciphers
+
+                    join ou in dbContext.OrganizationUsers
+                        on new { CipherUserId = c.UserId, c.OrganizationId, UserId = _userId, Status = OrganizationUserStatusType.Confirmed } equals
+                           new { CipherUserId = (Guid?)null, OrganizationId = (Guid?)ou.OrganizationId, ou.UserId, ou.Status }
+
+                    join o in dbContext.Organizations
+                        on new { c.OrganizationId, OuOrganizationId = ou.OrganizationId, Enabled = true } equals
+                           new { OrganizationId = (Guid?)o.Id, OuOrganizationId = o.Id, o.Enabled }
+
+                    join cc in dbContext.CollectionCiphers
+                        on c.Id equals cc.CipherId into cc_g
+                    from cc in cc_g.DefaultIfEmpty()
+
+                    join cu in dbContext.CollectionUsers
+                        on new { cc.CollectionId, OrganizationUserId = ou.Id } equals
+                           new { cu.CollectionId, cu.OrganizationUserId } into cu_g
+                    from cu in cu_g.DefaultIfEmpty()
+
+                    join gu in dbContext.GroupUsers
+                        on new { CollectionId = (Guid?)cu.CollectionId, OrganizationUserId = ou.Id } equals
+                           new { CollectionId = (Guid?)null, gu.OrganizationUserId } into gu_g
+                    from gu in gu_g.DefaultIfEmpty()
+
+                    join g in dbContext.Groups
+                        on gu.GroupId equals g.Id into g_g
+                    from g in g_g.DefaultIfEmpty()
+
+                    join cg in dbContext.CollectionGroups
+                        on new { cc.CollectionId, gu.GroupId } equals
+                           new { cg.CollectionId, cg.GroupId } into cg_g
+                    from cg in cg_g.DefaultIfEmpty()
+
+                    where cu.CollectionId != null || cg.CollectionId != null
+
+                    select c;
+
+        var query2 = from c in dbContext.Ciphers
+                     where c.UserId == _userId
+                     select c;
+
+        var union = query.Union(query2).Select(c => new CipherDetails
+        {
+            Id = c.Id,
+            UserId = c.UserId,
+            OrganizationId = c.OrganizationId,
+            Type = c.Type,
+            Data = c.Data,
+            Attachments = c.Attachments,
+            CreationDate = c.CreationDate,
+            RevisionDate = c.RevisionDate,
+            DeletedDate = c.DeletedDate,
+            Favorite = _userId.HasValue && c.Favorites != null && c.Favorites.ToLowerInvariant().Contains($"\"{_userId}\":true"),
+            FolderId = GetFolderId(_userId, c),
+            Edit = true,
+            Reprompt = c.Reprompt,
+            ViewPassword = true,
+            OrganizationUseTotp = false,
+            Key = c.Key
+        });
+        return union;
+    }
+
    private static Guid? GetFolderId(Guid? userId, Cipher cipher)
    {
        try
--- a/src/Infrastructure.EntityFramework/Vault/Repositories/CipherRepository.cs
+++ b/src/Infrastructure.EntityFramework/Vault/Repositories/CipherRepository.cs
@ -199,9 +199,9 @@ public class CipherRepository : Repository<Core.Vault.Entities.Cipher, Cipher, G
        }
    }

-    public async Task DeleteAsync(IEnumerable<Guid> ids, Guid userId)
+    public async Task DeleteAsync(IEnumerable<Guid> ids, Guid userId, bool useFlexibleCollections)
    {
-        await ToggleCipherStates(ids, userId, CipherStateAction.HardDelete);
+        await ToggleCipherStates(ids, userId, CipherStateAction.HardDelete, useFlexibleCollections);
    }

    public async Task DeleteAttachmentAsync(Guid cipherId, string attachmentId)
@ -302,12 +302,12 @@ public class CipherRepository : Repository<Core.Vault.Entities.Cipher, Cipher, G
        }
    }

-    public async Task<CipherDetails> GetByIdAsync(Guid id, Guid userId)
+    public async Task<CipherDetails> GetByIdAsync(Guid id, Guid userId, bool useFlexibleCollections)
    {
        using (var scope = ServiceScopeFactory.CreateScope())
        {
            var dbContext = GetDatabaseContext(scope);
-            var userCipherDetails = new UserCipherDetailsQuery(userId);
+            var userCipherDetails = new UserCipherDetailsQuery(userId, useFlexibleCollections);
            var data = await userCipherDetails.Run(dbContext).FirstOrDefaultAsync(c => c.Id == id);
            return data;
        }
@ -347,13 +347,13 @@ public class CipherRepository : Repository<Core.Vault.Entities.Cipher, Cipher, G
        }
    }

-    public async Task<ICollection<CipherDetails>> GetManyByUserIdAsync(Guid userId, bool withOrganizations = true)
+    public async Task<ICollection<CipherDetails>> GetManyByUserIdAsync(Guid userId, bool useFlexibleCollections, bool withOrganizations = true)
    {
        using (var scope = ServiceScopeFactory.CreateScope())
        {
            var dbContext = GetDatabaseContext(scope);
            IQueryable<CipherDetails> cipherDetailsView = withOrganizations ?
-                new UserCipherDetailsQuery(userId).Run(dbContext) :
+                new UserCipherDetailsQuery(userId, useFlexibleCollections).Run(dbContext) :
                new CipherDetailsQuery(userId).Run(dbContext);
            if (!withOrganizations)
            {
@ -395,13 +395,13 @@ public class CipherRepository : Repository<Core.Vault.Entities.Cipher, Cipher, G
        }
    }

-    public async Task MoveAsync(IEnumerable<Guid> ids, Guid? folderId, Guid userId)
+    public async Task MoveAsync(IEnumerable<Guid> ids, Guid? folderId, Guid userId, bool useFlexibleCollections)
    {
        using (var scope = ServiceScopeFactory.CreateScope())
        {
            var dbContext = GetDatabaseContext(scope);
            var cipherEntities = dbContext.Ciphers.Where(c => ids.Contains(c.Id));
-            var userCipherDetails = new UserCipherDetailsQuery(userId).Run(dbContext);
+            var userCipherDetails = new UserCipherDetailsQuery(userId, useFlexibleCollections).Run(dbContext);
            var idsToMove = from ucd in userCipherDetails
                            join c in cipherEntities
                                on ucd.Id equals c.Id
@ -632,9 +632,9 @@ public class CipherRepository : Repository<Core.Vault.Entities.Cipher, Cipher, G
        }
    }

-    public async Task<DateTime> RestoreAsync(IEnumerable<Guid> ids, Guid userId)
+    public async Task<DateTime> RestoreAsync(IEnumerable<Guid> ids, Guid userId, bool useFlexibleCollections)
    {
-        return await ToggleCipherStates(ids, userId, CipherStateAction.Restore);
+        return await ToggleCipherStates(ids, userId, CipherStateAction.Restore, useFlexibleCollections);
    }

    public async Task<DateTime> RestoreByIdsOrganizationIdAsync(IEnumerable<Guid> ids, Guid organizationId)
@ -662,12 +662,12 @@ public class CipherRepository : Repository<Core.Vault.Entities.Cipher, Cipher, G
        }
    }

-    public async Task SoftDeleteAsync(IEnumerable<Guid> ids, Guid userId)
+    public async Task SoftDeleteAsync(IEnumerable<Guid> ids, Guid userId, bool useFlexibleCollections)
    {
-        await ToggleCipherStates(ids, userId, CipherStateAction.SoftDelete);
+        await ToggleCipherStates(ids, userId, CipherStateAction.SoftDelete, useFlexibleCollections);
    }

-    private async Task<DateTime> ToggleCipherStates(IEnumerable<Guid> ids, Guid userId, CipherStateAction action)
+    private async Task<DateTime> ToggleCipherStates(IEnumerable<Guid> ids, Guid userId, CipherStateAction action, bool useFlexibleCollections)
    {
        static bool FilterDeletedDate(CipherStateAction action, CipherDetails ucd)
        {
@ -682,7 +682,7 @@ public class CipherRepository : Repository<Core.Vault.Entities.Cipher, Cipher, G
        using (var scope = ServiceScopeFactory.CreateScope())
        {
            var dbContext = GetDatabaseContext(scope);
-            var userCipherDetailsQuery = new UserCipherDetailsQuery(userId);
+            var userCipherDetailsQuery = new UserCipherDetailsQuery(userId, useFlexibleCollections);
            var cipherEntitiesToCheck = await (dbContext.Ciphers.Where(c => ids.Contains(c.Id))).ToListAsync();
            var query = from ucd in await (userCipherDetailsQuery.Run(dbContext)).ToListAsync()
                        join c in cipherEntitiesToCheck