[AC-292] Public Api - allow configuration of custom permissions (#4022)

* Also refactor OrganizationService user invite methods
2025-07-06 02:22:49 -05:00 · 2024-05-31 09:23:31 +10:00
parent 0189952e1f
commit 357ac4f40a
23 changed files with 829 additions and 179 deletions
--- a/bitwarden_license/src/Scim/Users/PostUserCommand.cs
+++ b/bitwarden_license/src/Scim/Users/PostUserCommand.cs
@ -1,11 +1,8 @@
-using Bit.Core.AdminConsole.Enums;
-using Bit.Core.Enums;
+using Bit.Core.Enums;
 using Bit.Core.Exceptions;
-using Bit.Core.Models.Data;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
-using Bit.Core.Utilities;
 using Bit.Scim.Context;
 using Bit.Scim.Models;
 using Bit.Scim.Users.Interfaces;
@ -36,23 +33,11 @@ public class PostUserCommand : IPostUserCommand

    public async Task<OrganizationUserUserDetails> PostUserAsync(Guid organizationId, ScimUserRequestModel model)
    {
-        var email = model.PrimaryEmail?.ToLowerInvariant();
-        if (string.IsNullOrWhiteSpace(email))
-        {
-            switch (_scimContext.RequestScimProvider)
-            {
-                case ScimProviderType.AzureAd:
-                    email = model.UserName?.ToLowerInvariant();
-                    break;
-                default:
-                    email = model.WorkEmail?.ToLowerInvariant();
-                    if (string.IsNullOrWhiteSpace(email))
-                    {
-                        email = model.Emails?.FirstOrDefault()?.Value?.ToLowerInvariant();
-                    }
-                    break;
-            }
-        }
+        var scimProvider = _scimContext.RequestScimProvider;
+        var invite = model.ToOrganizationUserInvite(scimProvider);
+
+        var email = invite.Emails.Single();
+        var externalId = model.ExternalIdForInvite();

        if (string.IsNullOrWhiteSpace(email) || !model.Active)
        {
@ -66,20 +51,6 @@ public class PostUserCommand : IPostUserCommand
            throw new ConflictException();
        }

-        string externalId = null;
-        if (!string.IsNullOrWhiteSpace(model.ExternalId))
-        {
-            externalId = model.ExternalId;
-        }
-        else if (!string.IsNullOrWhiteSpace(model.UserName))
-        {
-            externalId = model.UserName;
-        }
-        else
-        {
-            externalId = CoreHelpers.RandomString(15);
-        }
-
        var orgUserByExternalId = orgUsers.FirstOrDefault(ou => ou.ExternalId == externalId);
        if (orgUserByExternalId != null)
        {
@ -87,12 +58,11 @@ public class PostUserCommand : IPostUserCommand
        }

        var organization = await _organizationRepository.GetByIdAsync(organizationId);
-
        var hasStandaloneSecretsManager = await _paymentService.HasSecretsManagerStandalone(organization);
+        invite.AccessSecretsManager = hasStandaloneSecretsManager;

-        var invitedOrgUser = await _organizationService.InviteUserAsync(organizationId, EventSystemUser.SCIM, email,
-            OrganizationUserType.User, false, externalId, new List<CollectionAccessSelection>(), new List<Guid>(), hasStandaloneSecretsManager);
-
+        var invitedOrgUser = await _organizationService.InviteUserAsync(organizationId, invitingUserId: null, EventSystemUser.SCIM,
+            invite, externalId);
        var orgUser = await _organizationUserRepository.GetDetailsByIdAsync(invitedOrgUser.Id);

        return orgUser;