[PM-11334] Add managed status to sync data (#4791)

* Refactor UserService to add GetOrganizationManagingUserAsync method to retrive the organization that manages a user * Refactor SyncController and AccountsController to include ManagedByOrganizationId in profile response
2025-07-02 08:32:50 -05:00 · 2024-09-26 11:21:51 +01:00
parent 2e072aebe3
commit 3f629e0a5a
6 changed files with 75 additions and 11 deletions
--- a/src/Api/Vault/Controllers/SyncController.cs
+++ b/src/Api/Vault/Controllers/SyncController.cs
@ -1,4 +1,5 @@
 using Bit.Api.Vault.Models.Response;
+using Bit.Core;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Enums.Provider;
 using Bit.Core.AdminConsole.Repositories;
@ -6,6 +7,7 @@ using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Data;
+using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
 using Bit.Core.Settings;
@ -30,6 +32,7 @@ public class SyncController : Controller
    private readonly IPolicyRepository _policyRepository;
    private readonly ISendRepository _sendRepository;
    private readonly GlobalSettings _globalSettings;
+    private readonly IFeatureService _featureService;

    public SyncController(
        IUserService userService,
@ -41,7 +44,8 @@ public class SyncController : Controller
        IProviderUserRepository providerUserRepository,
        IPolicyRepository policyRepository,
        ISendRepository sendRepository,
-        GlobalSettings globalSettings)
+        GlobalSettings globalSettings,
+        IFeatureService featureService)
    {
        _userService = userService;
        _folderRepository = folderRepository;
@ -53,6 +57,7 @@ public class SyncController : Controller
        _policyRepository = policyRepository;
        _sendRepository = sendRepository;
        _globalSettings = globalSettings;
+        _featureService = featureService;
    }

    [HttpGet("")]
@ -90,9 +95,23 @@ public class SyncController : Controller

        var userTwoFactorEnabled = await _userService.TwoFactorIsEnabledAsync(user);
        var userHasPremiumFromOrganization = await _userService.HasPremiumFromOrganization(user);
-        var response = new SyncResponseModel(_globalSettings, user, userTwoFactorEnabled, userHasPremiumFromOrganization, organizationUserDetails,
-            providerUserDetails, providerUserOrganizationDetails, folders, collections, ciphers,
-            collectionCiphersGroupDict, excludeDomains, policies, sends);
+        var managedByOrganizationId = await GetManagedByOrganizationIdAsync(user, organizationUserDetails);
+
+        var response = new SyncResponseModel(_globalSettings, user, userTwoFactorEnabled, userHasPremiumFromOrganization,
+            managedByOrganizationId, organizationUserDetails, providerUserDetails, providerUserOrganizationDetails,
+            folders, collections, ciphers, collectionCiphersGroupDict, excludeDomains, policies, sends);
        return response;
    }
+
+    private async Task<Guid?> GetManagedByOrganizationIdAsync(User user, IEnumerable<OrganizationUserOrganizationDetails> organizationUserDetails)
+    {
+        if (!_featureService.IsEnabled(FeatureFlagKeys.AccountDeprovisioning) ||
+            !organizationUserDetails.Any(o => o.Enabled && o.UseSso))
+        {
+            return null;
+        }
+
+        var organizationManagingUser = await _userService.GetOrganizationManagingUserAsync(user.Id);
+        return organizationManagingUser?.Id;
+    }
 }