SM-281: Secrets Manager Trash (#2688)

2025-07-01 16:12:49 -05:00 · 2023-02-20 13:01:49 -05:00
parent 34544f2292
commit 16bdd67cad
12 changed files with 525 additions and 2 deletions
--- a/src/Api/SecretsManager/Controllers/SecretsController.cs
+++ b/src/Api/SecretsManager/Controllers/SecretsController.cs
@ -70,6 +70,7 @@ public class SecretsController : Controller
    public async Task<SecretResponseModel> GetAsync([FromRoute] Guid id)
    {
        var secret = await _secretRepository.GetByIdAsync(id);
+
        if (secret == null || !_currentContext.AccessSecretsManager(secret.OrganizationId))
        {
            throw new NotFoundException();
--- a/src/Api/SecretsManager/Controllers/SecretsTrashController.cs
+++ b/src/Api/SecretsManager/Controllers/SecretsTrashController.cs
@ -0,0 +1,80 @@
+using Bit.Api.SecretsManager.Models.Response;
+using Bit.Core.Context;
+using Bit.Core.Exceptions;
+using Bit.Core.SecretsManager.Commands.Trash.Interfaces;
+using Bit.Core.SecretsManager.Repositories;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+
+namespace Bit.Api.SecretsManager.Controllers;
+
+[SecretsManager]
+[Authorize("secrets")]
+public class TrashController : Controller
+{
+    private readonly ICurrentContext _currentContext;
+    private readonly ISecretRepository _secretRepository;
+    private readonly IEmptyTrashCommand _emptyTrashCommand;
+    private readonly IRestoreTrashCommand _restoreTrashCommand;
+
+    public TrashController(
+        ICurrentContext currentContext,
+        ISecretRepository secretRepository,
+        IEmptyTrashCommand emptyTrashCommand,
+        IRestoreTrashCommand restoreTrashCommand)
+    {
+        _currentContext = currentContext;
+        _secretRepository = secretRepository;
+        _emptyTrashCommand = emptyTrashCommand;
+        _restoreTrashCommand = restoreTrashCommand;
+    }
+
+    [HttpGet("secrets/{organizationId}/trash")]
+    public async Task<SecretWithProjectsListResponseModel> ListByOrganizationAsync(Guid organizationId)
+    {
+        if (!_currentContext.AccessSecretsManager(organizationId))
+        {
+            throw new NotFoundException();
+        }
+
+        if (!await _currentContext.OrganizationAdmin(organizationId))
+        {
+            throw new UnauthorizedAccessException();
+        }
+
+        var secrets = await _secretRepository.GetManyByOrganizationIdInTrashAsync(organizationId);
+        return new SecretWithProjectsListResponseModel(secrets);
+    }
+
+    [HttpPost("secrets/{organizationId}/trash/empty")]
+    public async Task EmptyTrashAsync(Guid organizationId, [FromBody] List<Guid> ids)
+    {
+        if (!_currentContext.AccessSecretsManager(organizationId))
+        {
+            throw new NotFoundException();
+        }
+
+        if (!await _currentContext.OrganizationAdmin(organizationId))
+        {
+            throw new UnauthorizedAccessException();
+        }
+
+        await _emptyTrashCommand.EmptyTrash(organizationId, ids);
+    }
+
+    [HttpPost("secrets/{organizationId}/trash/restore")]
+    public async Task RestoreTrashAsync(Guid organizationId, [FromBody] List<Guid> ids)
+    {
+        if (!_currentContext.AccessSecretsManager(organizationId))
+        {
+            throw new NotFoundException();
+        }
+
+        if (!await _currentContext.OrganizationAdmin(organizationId))
+        {
+            throw new UnauthorizedAccessException();
+        }
+
+        await _restoreTrashCommand.RestoreTrash(organizationId, ids);
+    }
+}
--- a/src/Core/SecretsManager/Commands/Trash/IEmptyTrashCommand.cs
+++ b/src/Core/SecretsManager/Commands/Trash/IEmptyTrashCommand.cs
@ -0,0 +1,7 @@
+namespace Bit.Core.SecretsManager.Commands.Trash.Interfaces;
+
+public interface IEmptyTrashCommand
+{
+    Task EmptyTrash(Guid organizationId, List<Guid> ids);
+}
+
--- a/src/Core/SecretsManager/Commands/Trash/IRestoreTrashCommand.cs
+++ b/src/Core/SecretsManager/Commands/Trash/IRestoreTrashCommand.cs
@ -0,0 +1,6 @@
+namespace Bit.Core.SecretsManager.Commands.Trash.Interfaces;
+
+public interface IRestoreTrashCommand
+{
+    Task RestoreTrash(Guid organizationId, List<Guid> ids);
+}
--- a/src/Core/SecretsManager/Repositories/ISecretRepository.cs
+++ b/src/Core/SecretsManager/Repositories/ISecretRepository.cs
@ -6,6 +6,8 @@ namespace Bit.Core.SecretsManager.Repositories;
 public interface ISecretRepository
 {
    Task<IEnumerable<Secret>> GetManyByOrganizationIdAsync(Guid organizationId, Guid userId, AccessClientType accessType);
+    Task<IEnumerable<Secret>> GetManyByOrganizationIdInTrashAsync(Guid organizationId);
+    Task<IEnumerable<Secret>> GetManyByOrganizationIdInTrashByIdsAsync(Guid organizationId, IEnumerable<Guid> ids);
    Task<IEnumerable<Secret>> GetManyByIds(IEnumerable<Guid> ids);
    Task<IEnumerable<Secret>> GetManyByProjectIdAsync(Guid projectId, Guid userId, AccessClientType accessType);
    Task<Secret> GetByIdAsync(Guid id);
@ -13,5 +15,6 @@ public interface ISecretRepository
    Task<Secret> UpdateAsync(Secret secret);
    Task SoftDeleteManyByIdAsync(IEnumerable<Guid> ids);
    Task HardDeleteManyByIdAsync(IEnumerable<Guid> ids);
+    Task RestoreManyByIdAsync(IEnumerable<Guid> ids);
    Task<IEnumerable<Secret>> ImportAsync(IEnumerable<Secret> secrets);
 }