[EC-152] Hide Subscription/Billing information for Provider-managed organizations (#1970)

* Block billing endpoints if org is managed by Provider
2025-06-30 23:52:50 -05:00 · 2022-05-10 12:19:22 +10:00
parent 06c9b123f9
commit 227b725514
3 changed files with 38 additions and 17 deletions
--- a/src/Core/Context/CurrentContext.cs
+++ b/src/Core/Context/CurrentContext.cs
@ -261,7 +261,7 @@ namespace Bit.Core.Context

            if (Providers.Any())
            {
-                return (await GetProviderOrganizations()).Any(po => po.OrganizationId == orgId);
+                return await ProviderUserForOrgAsync(orgId);
            }

            return false;
@ -360,6 +360,15 @@ namespace Bit.Core.Context
                        && (o.Permissions?.ManageResetPassword ?? false)) ?? false);
        }

+        public async Task<bool> ManageBilling(Guid orgId)
+        {
+            var orgManagedByProvider = ProviderIdForOrg(orgId) != null;
+
+            return orgManagedByProvider
+                ? await ProviderUserForOrgAsync(orgId)
+                : await OrganizationOwner(orgId);
+        }
+
        public bool ProviderProviderAdmin(Guid providerId)
        {
            return Providers?.Any(o => o.Id == providerId && o.Type == ProviderUserType.ProviderAdmin) ?? false;
@ -390,6 +399,11 @@ namespace Bit.Core.Context
            return Providers?.Any(o => o.Id == providerId) ?? false;
        }

+        public async Task<bool> ProviderUserForOrgAsync(Guid orgId)
+        {
+            return (await GetProviderOrganizations()).Any(po => po.OrganizationId == orgId);
+        }
+
        public async Task<Guid?> ProviderIdForOrg(Guid orgId)
        {
            if (Organizations?.Any(org => org.Id == orgId) ?? false)
--- a/src/Core/Context/ICurrentContext.cs
+++ b/src/Core/Context/ICurrentContext.cs
@ -51,6 +51,8 @@ namespace Bit.Core.Context
        Task<bool> ManageSso(Guid orgId);
        Task<bool> ManageUsers(Guid orgId);
        Task<bool> ManageResetPassword(Guid orgId);
+        Task<bool> ManageBilling(Guid orgId);
+        Task<bool> ProviderUserForOrgAsync(Guid orgId);
        bool ProviderProviderAdmin(Guid providerId);
        bool ProviderUser(Guid providerId);
        bool ProviderManageUsers(Guid providerId);