mirror of
https://github.com/bitwarden/server.git
synced 2025-07-01 16:12:49 -05:00
[PM-22101] Enforce restrictions on collections with DefaultUserCollection type (#5968)
* Add CreateCollectionCommand and associated interface with validation logic * Implement CreateCollectionCommand to handle collection creation with organization checks and access permissions. * Introduce ICreateCollectionCommand interface for defining the collection creation contract. * Add unit tests for CreateCollectionCommand to validate various scenarios including permission checks and error handling. * Add UpdateCollectionCommand and associated interface with validation logic * Implement UpdateCollectionCommand to handle collection updates with organization checks and access permissions. * Introduce IUpdateCollectionCommand interface for defining the collection update contract. * Add unit tests for UpdateCollectionCommand to validate various scenarios including permission checks and error handling. * Add scoped services for collection commands * Register ICreateCollectionCommand and IUpdateCollectionCommand in the service collection for handling collection creation and updates. * Refactor CollectionsController to use command interfaces for collection creation and updates * Updated CollectionsController to utilize ICreateCollectionCommand and IUpdateCollectionCommand for handling collection creation and updates, replacing calls to ICollectionService. * Adjusted related unit tests to verify the new command implementations. * Refactor ICollectionService and CollectionService to remove SaveAsync method * Removed the SaveAsync method from ICollectionService and its implementation in CollectionService. * Updated related tests in CollectionServiceTests to reflect the removal of SaveAsync, ensuring existing functionality remains intact. * Remove unused organization repository dependency from CollectionServiceTests * Add validation to CreateCollectionCommand to prevent creation of DefaultUserCollection type * Implemented a check in CreateCollectionCommand to throw a BadRequestException if a collection of type DefaultUserCollection is attempted to be created. * Added a unit test to verify that the exception is thrown with the correct message when attempting to create a collection of this type. * Add validation to DeleteCollectionCommand to prevent deletion of DefaultUserCollection type * Implemented checks in DeleteAsync and DeleteManyAsync methods to throw a BadRequestException if a collection of type DefaultUserCollection is attempted to be deleted. * Added unit tests to verify that the exceptions are thrown with the correct messages when attempting to delete collections of this type. * Add validation in UpdateCollectionCommand to prevent editing DefaultUserCollection type * Implemented a check in UpdateAsync to throw a BadRequestException if a collection of type DefaultUserCollection is attempted to be updated. * Added a unit test to verify that the exception is thrown with the correct message when attempting to update a collection of this type. * Add validation in UpdateOrganizationUserCommand to prevent modification of DefaultUserCollection type * Implemented a check to throw a BadRequestException if an attempt is made to modify member access for collections of type DefaultUserCollection. * Added a unit test to ensure the exception is thrown with the correct message when this condition is met. * Add validation in UpdateGroupCommand to prevent modification of DefaultUserCollection type * Implemented a check to throw a BadRequestException if an attempt is made to modify group access for collections of type DefaultUserCollection. * Added a unit test to ensure the exception is thrown with the correct message when this condition is met. * Add validation in BulkAddCollectionAccessCommand to prevent addition of collections of DefaultUserCollection type * Implemented a check to throw a BadRequestException if an attempt is made to add access to collections of type DefaultUserCollection. * Added a unit test to ensure the exception is thrown with the correct message when this condition is met. * Add validation in CollectionService to prevent modification of DefaultUserCollection type * Implemented a check in DeleteUserAsync to throw a BadRequestException if an attempt is made to modify member access for collections of type DefaultUserCollection. * Added a unit test to ensure the exception is thrown with the correct message when this condition is met. * Implement a check to throw a BadRequestException if an attempt is made to modify member access for collections of type DefaultUserCollection. * Add validation in CollectionsController to prevent deletion of DefaultUserCollection type * Implemented a check to return a BadRequestObjectResult if an attempt is made to delete a collection of type DefaultUserCollection. * Remove unused test method for handling DefaultUserCollection in CollectionsControllerTests * Update UpdateOrganizationUserCommandTests to use OrganizationUserType for user updates
This commit is contained in:
Rui Tomé
@ -49,4 +49,22 @@ public class CollectionServiceTest
|
||||
await sutProvider.GetDependency<IEventService>().DidNotReceiveWithAnyArgs()
|
||||
.LogOrganizationUserEventAsync<OrganizationUser>(default, default);
|
||||
}
|
||||
|
||||
[Theory, BitAutoData]
|
||||
public async Task DeleteUserAsync_WithDefaultUserCollectionType_ThrowsBadRequest(Collection collection,
|
||||
Organization organization, OrganizationUser organizationUser, SutProvider<CollectionService> sutProvider)
|
||||
{
|
||||
collection.Type = CollectionType.DefaultUserCollection;
|
||||
collection.OrganizationId = organization.Id;
|
||||
organizationUser.OrganizationId = organization.Id;
|
||||
|
||||
var exception = await Assert.ThrowsAsync<BadRequestException>(() =>
|
||||
sutProvider.Sut.DeleteUserAsync(collection, organizationUser.Id));
|
||||
Assert.Contains("You cannot modify member access for collections with the type as DefaultUserCollection.", exception.Message);
|
||||
|
||||
await sutProvider.GetDependency<IOrganizationUserRepository>().DidNotReceiveWithAnyArgs().GetByIdAsync(default);
|
||||
await sutProvider.GetDependency<ICollectionRepository>().DidNotReceiveWithAnyArgs().DeleteUserAsync(default, default);
|
||||
await sutProvider.GetDependency<IEventService>().DidNotReceiveWithAnyArgs()
|
||||
.LogOrganizationUserEventAsync<OrganizationUser>(default, default);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user