
[PM-22103] Exclude default collections from admin apis (#6021)

* feat: exclude DefaultUserCollection from GetManyByOrganizationIdWithPermissionsAsync

Updated EF implementation, SQL procedure, and unit test to verify that default user collections are filtered from results

* Update the public CollectionsController.Get method to return a NotFoundResult for collections of type DefaultUserCollection.

* Add unit tests for the public CollectionsController

* Update ICollectionRepository.GetManyByOrganizationIdAsync to exclude results of the type DefaultUserCollection

Modified the SQL stored procedure and the EF query to reflect this change and added a new integration test to ensure the functionality works as expected.

* Refactor CollectionsController to remove unused IApplicationCacheService dependency

* Update IOrganizationUserRepository.GetDetailsByIdWithCollectionsAsync to exclude DefaultUserCollections

* Update IOrganizationUserRepository.GetManyDetailsByOrganizationAsync to exclude DefaultUserCollections

* Undo change to GetByIdWithCollectionsAsync

* Update integration test to verify exclusion of DefaultUserCollection in OrganizationUserRepository.GetDetailsByIdWithCollectionsAsync

* Clarify documentation in ICollectionRepository to specify that GetManyByOrganizationIdWithAccessAsync returns only shared collections belonging to the organization.

* Add Arrange, Act, and Assert comments to CollectionsControllerTests
This commit is contained in:
Rui Tomé
2025-07-18 13:00:54 +01:00
committed by GitHub
parent 828003f101
commit 30300bc59b
14 changed files with 500 additions and 15 deletions


@ -8,7 +8,6 @@ using Bit.Core.Context;
using Bit.Core.Enums;
using Bit.Core.OrganizationFeatures.OrganizationCollections.Interfaces;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
@ -21,18 +20,15 @@ public class CollectionsController : Controller
private readonly ICollectionRepository _collectionRepository;
private readonly IUpdateCollectionCommand _updateCollectionCommand;
private readonly ICurrentContext _currentContext;
private readonly IApplicationCacheService _applicationCacheService;
public CollectionsController(
ICollectionRepository collectionRepository,
IUpdateCollectionCommand updateCollectionCommand,
ICurrentContext currentContext,
IApplicationCacheService applicationCacheService)
ICurrentContext currentContext)
{
_collectionRepository = collectionRepository;
_updateCollectionCommand = updateCollectionCommand;
_currentContext = currentContext;
_applicationCacheService = applicationCacheService;
}
/// <summary>
@ -49,7 +45,8 @@ public class CollectionsController : Controller
public async Task<IActionResult> Get(Guid id)
{
(var collection, var access) = await _collectionRepository.GetByIdWithAccessAsync(id);
if (collection == null || collection.OrganizationId != _currentContext.OrganizationId)
if (collection == null || collection.OrganizationId != _currentContext.OrganizationId ||
collection.Type == CollectionType.DefaultUserCollection)
{
return new NotFoundResult();
}