[AC-10362] Remove OrganizationUser.AccessAll from code (#4622)

* Remove OrganizationUser.AccessAll from code * Add shadow property * Remove remaining reference * dotnet format * Fix tests * Bump migration dates
2025-06-30 23:52:50 -05:00 · 2024-08-26 21:03:44 +10:00
parent 78beac9f19
commit 22bd755b3c
21 changed files with 8249 additions and 159 deletions
--- a/src/Core/AdminConsole/Entities/OrganizationUser.cs
+++ b/src/Core/AdminConsole/Entities/OrganizationUser.cs
@ -20,10 +20,6 @@ public class OrganizationUser : ITableObject<Guid>, IExternal
    public OrganizationUserStatusType Status { get; set; }
    public OrganizationUserType Type { get; set; }

-    /// <summary>
-    /// AccessAll is deprecated and should always be left as false. Scheduled for removal.
-    /// </summary>
-    public bool AccessAll { get; set; } = false;
    [MaxLength(300)]
    public string? ExternalId { get; set; }
    public DateTime CreationDate { get; internal set; } = DateTime.UtcNow;
--- a/src/Core/AdminConsole/Models/Data/Organizations/OrganizationUsers/OrganizationUserUserDetails.cs
+++ b/src/Core/AdminConsole/Models/Data/Organizations/OrganizationUsers/OrganizationUserUserDetails.cs
@ -19,7 +19,6 @@ public class OrganizationUserUserDetails : IExternal, ITwoFactorProvidersUser
    public bool? Premium { get; set; }
    public OrganizationUserStatusType Status { get; set; }
    public OrganizationUserType Type { get; set; }
-    public bool AccessAll { get; set; }
    public bool AccessSecretsManager { get; set; }
    public string ExternalId { get; set; }
    public string SsoExternalId { get; set; }
--- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/UpdateOrganizationUserCommand.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/UpdateOrganizationUserCommand.cs
@ -92,11 +92,6 @@ public class UpdateOrganizationUserCommand : IUpdateOrganizationUserCommand
            throw new BadRequestException("Organization must have at least one confirmed owner.");
        }

-        if (user.AccessAll)
-        {
-            throw new BadRequestException("The AccessAll property has been deprecated by collection enhancements. Assign the user to collections instead.");
-        }
-
        if (collectionAccess?.Count > 0)
        {
            var invalidAssociations = collectionAccess.Where(cas => cas.Manage && (cas.ReadOnly || cas.HidePasswords));
--- a/src/Infrastructure.Dapper/AdminConsole/Helpers/OrganizationUserHelpers.cs
+++ b/src/Infrastructure.Dapper/AdminConsole/Helpers/OrganizationUserHelpers.cs
@ -1,36 +0,0 @@
-using System.Data;
-using Bit.Core.Entities;
-using Dapper;
-
-#nullable enable
-
-namespace Bit.Infrastructure.Dapper.AdminConsole.Helpers;
-
-public static class OrganizationUserHelpers
-{
-    public static DataTable ToTvp(this IEnumerable<OrganizationUser> orgUsers)
-    {
-        var table = new DataTable();
-        table.SetTypeName("[dbo].[OrganizationUserType2]");
-
-        var columnData = new List<(string name, Type type, Func<OrganizationUser, object?> getter)>
-        {
-            (nameof(OrganizationUser.Id), typeof(Guid), ou => ou.Id),
-            (nameof(OrganizationUser.OrganizationId), typeof(Guid), ou => ou.OrganizationId),
-            (nameof(OrganizationUser.UserId), typeof(Guid), ou => ou.UserId),
-            (nameof(OrganizationUser.Email), typeof(string), ou => ou.Email),
-            (nameof(OrganizationUser.Key), typeof(string), ou => ou.Key),
-            (nameof(OrganizationUser.Status), typeof(byte), ou => ou.Status),
-            (nameof(OrganizationUser.Type), typeof(byte), ou => ou.Type),
-            (nameof(OrganizationUser.AccessAll), typeof(bool), ou => ou.AccessAll),
-            (nameof(OrganizationUser.ExternalId), typeof(string), ou => ou.ExternalId),
-            (nameof(OrganizationUser.CreationDate), typeof(DateTime), ou => ou.CreationDate),
-            (nameof(OrganizationUser.RevisionDate), typeof(DateTime), ou => ou.RevisionDate),
-            (nameof(OrganizationUser.Permissions), typeof(string), ou => ou.Permissions),
-            (nameof(OrganizationUser.ResetPasswordKey), typeof(string), ou => ou.ResetPasswordKey),
-            (nameof(OrganizationUser.AccessSecretsManager), typeof(bool), ou => ou.AccessSecretsManager),
-        };
-
-        return orgUsers.BuildTable(table, columnData);
-    }
-}
--- a/src/Infrastructure.Dapper/AdminConsole/Repositories/OrganizationUserRepository.cs
+++ b/src/Infrastructure.Dapper/AdminConsole/Repositories/OrganizationUserRepository.cs
@ -9,7 +9,6 @@ using Bit.Core.Models.Data;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.Repositories;
 using Bit.Core.Settings;
-using Bit.Infrastructure.Dapper.AdminConsole.Helpers;
 using Dapper;
 using Microsoft.Data.SqlClient;

@ -420,6 +419,7 @@ public class OrganizationUserRepository : Repository<OrganizationUser, Guid>, IO

    public async Task<ICollection<Guid>?> CreateManyAsync(IEnumerable<OrganizationUser> organizationUsers)
    {
+        organizationUsers = organizationUsers.ToList();
        if (!organizationUsers.Any())
        {
            return default;
@ -430,12 +430,11 @@ public class OrganizationUserRepository : Repository<OrganizationUser, Guid>, IO
            organizationUser.SetNewId();
        }

-        var orgUsersTVP = organizationUsers.ToTvp();
        using (var connection = new SqlConnection(_marsConnectionString))
        {
            var results = await connection.ExecuteAsync(
-                $"[{Schema}].[{Table}_CreateMany2]",
-                new { OrganizationUsersInput = orgUsersTVP },
+                $"[{Schema}].[{Table}_CreateMany]",
+                new { jsonData = JsonSerializer.Serialize(organizationUsers) },
                commandType: CommandType.StoredProcedure);
        }

@ -444,17 +443,17 @@ public class OrganizationUserRepository : Repository<OrganizationUser, Guid>, IO

    public async Task ReplaceManyAsync(IEnumerable<OrganizationUser> organizationUsers)
    {
+        organizationUsers = organizationUsers.ToList();
        if (!organizationUsers.Any())
        {
            return;
        }

-        var orgUsersTVP = organizationUsers.ToTvp();
        using (var connection = new SqlConnection(_marsConnectionString))
        {
            var results = await connection.ExecuteAsync(
-                $"[{Schema}].[{Table}_UpdateMany2]",
-                new { OrganizationUsersInput = orgUsersTVP },
+                $"[{Schema}].[{Table}_UpdateMany]",
+                new { jsonData = JsonSerializer.Serialize(organizationUsers) },
                commandType: CommandType.StoredProcedure);
        }
    }
@ -539,27 +538,11 @@ public class OrganizationUserRepository : Repository<OrganizationUser, Guid>, IO
    public UpdateEncryptedDataForKeyRotation UpdateForKeyRotation(
        Guid userId, IEnumerable<OrganizationUser> resetPasswordKeys)
    {
-        return async (SqlConnection connection, SqlTransaction transaction) =>
-        {
-            const string sql = @"
-                            UPDATE
-                                [dbo].[OrganizationUser]
-                            SET
-                                [ResetPasswordKey] = AR.[ResetPasswordKey]
-                            FROM
-                                [dbo].[OrganizationUser] OU
-                            INNER JOIN
-                                @ResetPasswordKeys AR ON OU.Id = AR.Id
-                            WHERE
-                                OU.[UserId] = @UserId";
-
-            var organizationUsersTVP = resetPasswordKeys.ToTvp();
-
+        return async (connection, transaction) =>
            await connection.ExecuteAsync(
-                sql,
-                new { UserId = userId, resetPasswordKeys = organizationUsersTVP },
+                $"[{Schema}].[OrganizationUser_UpdateDataForKeyRotation]",
+                new { UserId = userId, OrganizationUserJson = JsonSerializer.Serialize(resetPasswordKeys) },
                transaction: transaction,
-                commandType: CommandType.Text);
-        };
+                commandType: CommandType.StoredProcedure);
    }
 }
--- a/src/Infrastructure.EntityFramework/AdminConsole/Repositories/Queries/OrganizationUserUserViewQuery.cs
+++ b/src/Infrastructure.EntityFramework/AdminConsole/Repositories/Queries/OrganizationUserUserViewQuery.cs
@ -24,7 +24,6 @@ public class OrganizationUserUserDetailsViewQuery : IQuery<OrganizationUserUserD
            Premium = x.u.Premium,
            Status = x.ou.Status,
            Type = x.ou.Type,
-            AccessAll = x.ou.AccessAll,
            ExternalId = x.ou.ExternalId,
            SsoExternalId = x.su.ExternalId,
            Permissions = x.ou.Permissions,
--- a/src/Infrastructure.EntityFramework/Configurations/OrganizationUserEntityTypeConfiguration.cs
+++ b/src/Infrastructure.EntityFramework/Configurations/OrganizationUserEntityTypeConfiguration.cs
@ -12,10 +12,6 @@ public class OrganizationUserEntityTypeConfiguration : IEntityTypeConfiguration<
            .Property(ou => ou.Id)
            .ValueGeneratedNever();

-        NpgsqlIndexBuilderExtensions.IncludeProperties(
-            builder.HasIndex(ou => new { ou.UserId, ou.OrganizationId, ou.Status }).IsClustered(false),
-            ou => ou.AccessAll);
-
        builder
            .HasIndex(ou => ou.OrganizationId)
            .IsClustered(false);
--- a/src/Infrastructure.EntityFramework/Repositories/DatabaseContext.cs
+++ b/src/Infrastructure.EntityFramework/Repositories/DatabaseContext.cs
@ -104,6 +104,9 @@ public class DatabaseContext : DbContext

        // Shadow property configurations
        eGroup.Property<bool>("AccessAll").HasDefaultValue(false);
+        builder.Entity<OrganizationUser>()
+            .Property<bool>("AccessAll")
+            .HasDefaultValue(false);

        eCipher.Property(c => c.Id).ValueGeneratedNever();
        eCollection.Property(c => c.Id).ValueGeneratedNever();