[AC-2847] Simplify OrganizationUser and Group PUT methods and tests (#4479)

* refactor controller logic * add additional validation checks to update commands * refactor and improve tests
2025-06-30 23:52:50 -05:00 · 2024-07-16 10:47:28 +10:00
parent 7fee588812
commit 5df0e2180d
11 changed files with 1113 additions and 659 deletions
--- a/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/UpdateOrganizationUserCommandTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/UpdateOrganizationUserCommandTests.cs
@ -1,6 +1,7 @@
 using System.Text.Json;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers;
+using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
@ -21,7 +22,7 @@ public class UpdateOrganizationUserCommandTests
 {
    [Theory, BitAutoData]
    public async Task UpdateUserAsync_NoUserId_Throws(OrganizationUser user, Guid? savingUserId,
-        List<CollectionAccessSelection> collections, IEnumerable<Guid> groups, SutProvider<UpdateOrganizationUserCommand> sutProvider)
+        List<CollectionAccessSelection> collections, List<Guid> groups, SutProvider<UpdateOrganizationUserCommand> sutProvider)
    {
        user.Id = default(Guid);
        var exception = await Assert.ThrowsAsync<BadRequestException>(
@ -29,22 +30,106 @@ public class UpdateOrganizationUserCommandTests
        Assert.Contains("invite the user first", exception.Message.ToLowerInvariant());
    }

+    [Theory, BitAutoData]
+    public async Task UpdateUserAsync_DifferentOrganizationId_Throws(OrganizationUser user, OrganizationUser originalUser,
+        Guid? savingUserId, SutProvider<UpdateOrganizationUserCommand> sutProvider)
+    {
+        sutProvider.GetDependency<IOrganizationUserRepository>().GetByIdAsync(user.Id).Returns(originalUser);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.UpdateUserAsync(user, savingUserId, null, null));
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateUserAsync_CollectionsBelongToDifferentOrganization_Throws(OrganizationUser user, OrganizationUser originalUser,
+        List<CollectionAccessSelection> collectionAccess, Guid? savingUserId, SutProvider<UpdateOrganizationUserCommand> sutProvider,
+        Organization organization)
+    {
+        Setup(sutProvider, organization, user, originalUser);
+
+        // Return collections with different organizationIds from the repository
+        sutProvider.GetDependency<ICollectionRepository>()
+            .GetManyByManyIdsAsync(Arg.Any<IEnumerable<Guid>>())
+            .Returns(callInfo => callInfo.Arg<IEnumerable<Guid>>()
+                .Select(guid => new Collection { Id = guid, OrganizationId = CoreHelpers.GenerateComb() }).ToList());
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.UpdateUserAsync(user, savingUserId, collectionAccess, null));
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateUserAsync_CollectionsDoNotExist_Throws(OrganizationUser user, OrganizationUser originalUser,
+        List<CollectionAccessSelection> collectionAccess, Guid? savingUserId, SutProvider<UpdateOrganizationUserCommand> sutProvider,
+        Organization organization)
+    {
+        Setup(sutProvider, organization, user, originalUser);
+
+        // Return matching collections, except that 1 is missing
+        sutProvider.GetDependency<ICollectionRepository>()
+            .GetManyByManyIdsAsync(Arg.Any<IEnumerable<Guid>>())
+            .Returns(callInfo =>
+            {
+                var result = callInfo.Arg<IEnumerable<Guid>>()
+                    .Select(guid => new Collection { Id = guid, OrganizationId = user.OrganizationId }).ToList();
+                result.RemoveAt(0);
+                return result;
+            });
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.UpdateUserAsync(user, savingUserId, collectionAccess, null));
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateUserAsync_GroupsBelongToDifferentOrganization_Throws(OrganizationUser user, OrganizationUser originalUser,
+        ICollection<Guid> groupAccess, Guid? savingUserId, SutProvider<UpdateOrganizationUserCommand> sutProvider,
+        Organization organization)
+    {
+        Setup(sutProvider, organization, user, originalUser);
+
+        // Return collections with different organizationIds from the repository
+        sutProvider.GetDependency<IGroupRepository>()
+            .GetManyByManyIds(Arg.Any<IEnumerable<Guid>>())
+            .Returns(callInfo => callInfo.Arg<IEnumerable<Guid>>()
+                .Select(guid => new Group { Id = guid, OrganizationId = CoreHelpers.GenerateComb() }).ToList());
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.UpdateUserAsync(user, savingUserId, null, groupAccess));
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateUserAsync_GroupsDoNotExist_Throws(OrganizationUser user, OrganizationUser originalUser,
+        ICollection<Guid> groupAccess, Guid? savingUserId, SutProvider<UpdateOrganizationUserCommand> sutProvider,
+        Organization organization)
+    {
+        Setup(sutProvider, organization, user, originalUser);
+
+        // Return matching collections, except that 1 is missing
+        sutProvider.GetDependency<IGroupRepository>()
+            .GetManyByManyIds(Arg.Any<IEnumerable<Guid>>())
+            .Returns(callInfo =>
+            {
+                var result = callInfo.Arg<IEnumerable<Guid>>()
+                    .Select(guid => new Group { Id = guid, OrganizationId = CoreHelpers.GenerateComb() }).ToList();
+                result.RemoveAt(0);
+                return result;
+            });
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.UpdateUserAsync(user, savingUserId, null, groupAccess));
+    }
+
    [Theory, BitAutoData]
    public async Task UpdateUserAsync_Passes(
        Organization organization,
        OrganizationUser oldUserData,
        OrganizationUser newUserData,
        List<CollectionAccessSelection> collections,
-        IEnumerable<Guid> groups,
+        List<Guid> groups,
        Permissions permissions,
        [OrganizationUser(type: OrganizationUserType.Owner)] OrganizationUser savingUser,
        SutProvider<UpdateOrganizationUserCommand> sutProvider)
    {
-        var organizationRepository = sutProvider.GetDependency<IOrganizationRepository>();
-        var organizationUserRepository = sutProvider.GetDependency<IOrganizationUserRepository>();
-        var organizationService = sutProvider.GetDependency<IOrganizationService>();
-
-        organizationRepository.GetByIdAsync(organization.Id).Returns(organization);
+        Setup(sutProvider, organization, newUserData, oldUserData);

        // Deprecated with Flexible Collections
        oldUserData.AccessAll = false;
@ -66,17 +151,20 @@ public class UpdateOrganizationUserCommandTests
        {
            PropertyNamingPolicy = JsonNamingPolicy.CamelCase,
        });
-        organizationUserRepository.GetByIdAsync(oldUserData.Id).Returns(oldUserData);
-        organizationUserRepository.GetManyByOrganizationAsync(savingUser.OrganizationId, OrganizationUserType.Owner)
-            .Returns(new List<OrganizationUser> { savingUser });
-        organizationService
-            .HasConfirmedOwnersExceptAsync(
-                newUserData.OrganizationId,
-                Arg.Is<IEnumerable<Guid>>(i => i.Contains(newUserData.Id)))
-            .Returns(true);
+
+        sutProvider.GetDependency<ICollectionRepository>()
+            .GetManyByManyIdsAsync(Arg.Any<IEnumerable<Guid>>())
+            .Returns(callInfo => callInfo.Arg<IEnumerable<Guid>>()
+                .Select(guid => new Collection { Id = guid, OrganizationId = oldUserData.OrganizationId }).ToList());
+
+        sutProvider.GetDependency<IGroupRepository>()
+            .GetManyByManyIds(Arg.Any<IEnumerable<Guid>>())
+            .Returns(callInfo => callInfo.Arg<IEnumerable<Guid>>()
+                .Select(guid => new Group { Id = guid, OrganizationId = oldUserData.OrganizationId }).ToList());

        await sutProvider.Sut.UpdateUserAsync(newUserData, savingUser.UserId, collections, groups);

+        var organizationService = sutProvider.GetDependency<IOrganizationService>();
        await organizationService.Received(1).ValidateOrganizationUserUpdatePermissions(
            newUserData.OrganizationId,
            newUserData.Type,
@ -97,7 +185,7 @@ public class UpdateOrganizationUserCommandTests
        [OrganizationUser(type: OrganizationUserType.User)] OrganizationUser newUserData,
        [OrganizationUser(type: OrganizationUserType.Owner, status: OrganizationUserStatusType.Confirmed)] OrganizationUser savingUser,
        List<CollectionAccessSelection> collections,
-        IEnumerable<Guid> groups,
+        List<Guid> groups,
        SutProvider<UpdateOrganizationUserCommand> sutProvider)
    {
        newUserData.Id = oldUserData.Id;
@ -106,6 +194,16 @@ public class UpdateOrganizationUserCommandTests
        newUserData.Permissions = CoreHelpers.ClassToJsonData(new Permissions());
        newUserData.AccessAll = true;

+        sutProvider.GetDependency<ICollectionRepository>()
+            .GetManyByManyIdsAsync(Arg.Any<IEnumerable<Guid>>())
+            .Returns(callInfo => callInfo.Arg<IEnumerable<Guid>>()
+                .Select(guid => new Collection { Id = guid, OrganizationId = oldUserData.OrganizationId }).ToList());
+
+        sutProvider.GetDependency<IGroupRepository>()
+            .GetManyByManyIds(Arg.Any<IEnumerable<Guid>>())
+            .Returns(callInfo => callInfo.Arg<IEnumerable<Guid>>()
+                .Select(guid => new Group { Id = guid, OrganizationId = oldUserData.OrganizationId }).ToList());
+
        sutProvider.GetDependency<IOrganizationRepository>()
            .GetByIdAsync(organization.Id)
            .Returns(organization);
@ -129,4 +227,24 @@ public class UpdateOrganizationUserCommandTests

        Assert.Contains("the accessall property has been deprecated", exception.Message.ToLowerInvariant());
    }
+
+    private void Setup(SutProvider<UpdateOrganizationUserCommand> sutProvider, Organization organization,
+        OrganizationUser newUser, OrganizationUser oldUser)
+    {
+        var organizationRepository = sutProvider.GetDependency<IOrganizationRepository>();
+        var organizationUserRepository = sutProvider.GetDependency<IOrganizationUserRepository>();
+        var organizationService = sutProvider.GetDependency<IOrganizationService>();
+
+        organizationRepository.GetByIdAsync(organization.Id).Returns(organization);
+
+        newUser.Id = oldUser.Id;
+        newUser.UserId = oldUser.UserId;
+        newUser.OrganizationId = oldUser.OrganizationId = organization.Id;
+        organizationUserRepository.GetByIdAsync(oldUser.Id).Returns(oldUser);
+        organizationService
+            .HasConfirmedOwnersExceptAsync(
+                oldUser.OrganizationId,
+                Arg.Is<IEnumerable<Guid>>(i => i.Contains(oldUser.Id)))
+            .Returns(true);
+    }
 }