[SM-918] Enforce project maximums on import (#3253)

* Refactor MaxProjectsQuery for multiple adds * Update unit tests * Add max project enforcement to imports
2025-06-30 15:42:48 -05:00 · 2023-09-07 17:51:35 -05:00
parent 2aaef3cf64
commit 4b482f0a34
6 changed files with 53 additions and 20 deletions
--- a/src/Api/SecretsManager/Controllers/ProjectsController.cs
+++ b/src/Api/SecretsManager/Controllers/ProjectsController.cs
@ -79,8 +79,8 @@ public class ProjectsController : Controller
            throw new NotFoundException();
        }

-        var (max, atMax) = await _maxProjectsQuery.GetByOrgIdAsync(organizationId);
-        if (atMax != null && atMax.Value)
+        var (max, overMax) = await _maxProjectsQuery.GetByOrgIdAsync(organizationId, 1);
+        if (overMax != null && overMax.Value)
        {
            throw new BadRequestException($"You have reached the maximum number of projects ({max}) for this plan.");
        }
--- a/src/Api/SecretsManager/Controllers/SecretsManagerPortingController.cs
+++ b/src/Api/SecretsManager/Controllers/SecretsManagerPortingController.cs
@ -4,6 +4,7 @@ using Bit.Core.Context;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.SecretsManager.Commands.Porting.Interfaces;
+using Bit.Core.SecretsManager.Queries.Projects.Interfaces;
 using Bit.Core.SecretsManager.Repositories;
 using Bit.Core.Services;
 using Bit.Core.Utilities;
@ -19,14 +20,18 @@ public class SecretsManagerPortingController : Controller
    private readonly ISecretRepository _secretRepository;
    private readonly IProjectRepository _projectRepository;
    private readonly IUserService _userService;
+    private readonly IMaxProjectsQuery _maxProjectsQuery;
    private readonly IImportCommand _importCommand;
    private readonly ICurrentContext _currentContext;

-    public SecretsManagerPortingController(ISecretRepository secretRepository, IProjectRepository projectRepository, IUserService userService, IImportCommand importCommand, ICurrentContext currentContext)
+    public SecretsManagerPortingController(ISecretRepository secretRepository, IProjectRepository projectRepository,
+        IUserService userService, IMaxProjectsQuery maxProjectsQuery, IImportCommand importCommand,
+        ICurrentContext currentContext)
    {
        _secretRepository = secretRepository;
        _projectRepository = projectRepository;
        _userService = userService;
+        _maxProjectsQuery = maxProjectsQuery;
        _importCommand = importCommand;
        _currentContext = currentContext;
    }
@ -69,6 +74,16 @@ public class SecretsManagerPortingController : Controller
            throw new BadRequestException("A secret can only be in one project at a time.");
        }

+        var projectsToAdd = importRequest.Projects?.Count();
+        if (projectsToAdd is > 0)
+        {
+            var (max, overMax) = await _maxProjectsQuery.GetByOrgIdAsync(organizationId, projectsToAdd.Value);
+            if (overMax != null && overMax.Value)
+            {
+                throw new BadRequestException($"The maximum number of projects for this plan is ({max}).");
+            }
+        }
+
        await _importCommand.ImportAsync(organizationId, importRequest.ToSMImport());
    }
 }
--- a/src/Core/SecretsManager/Queries/Projects/Interfaces/IMaxProjectsQuery.cs
+++ b/src/Core/SecretsManager/Queries/Projects/Interfaces/IMaxProjectsQuery.cs
@ -2,5 +2,5 @@

 public interface IMaxProjectsQuery
 {
-    Task<(short? max, bool? atMax)> GetByOrgIdAsync(Guid organizationId);
+    Task<(short? max, bool? overMax)> GetByOrgIdAsync(Guid organizationId, int projectsToAdd);
 }