[AC-1124] Restrict admins from accessing items in Collections tab (#3676)

* [AC-1124] Add GetManyUnassignedOrganizationDetailsByOrganizationIdAsync to the CipherRepository * [AC-1124] Introduce IOrganizationCiphersQuery.cs to replace some CipherService queries * [AC-1124] Add additional CipherDetails model that includes CollectionIds * [AC-1124] Update CiphersController and response models - Add new endpoint for assigned ciphers - Update existing endpoint to only return all ciphers when feature flag is enabled the user has access * [AC-1124] Add migration script * [AC-1124] Add follow up ticket for Todos * [AC-1124] Fix feature service usage after merge with main * [AC-1124] Optimize unassigned ciphers query * [AC-1124] Update migration script date * [AC-1124] Update migration script date * [AC-1124] Formatting
2025-07-02 00:22:50 -05:00 · 2024-02-08 14:07:58 -08:00
parent 058f1822ed
commit 636f716d62
14 changed files with 470 additions and 11 deletions
--- a/src/Infrastructure.EntityFramework/Vault/Repositories/CipherRepository.cs
+++ b/src/Infrastructure.EntityFramework/Vault/Repositories/CipherRepository.cs
@ -349,6 +349,17 @@ public class CipherRepository : Repository<Core.Vault.Entities.Cipher, Cipher, G
        }
    }

+    public async Task<ICollection<CipherOrganizationDetails>> GetManyUnassignedOrganizationDetailsByOrganizationIdAsync(Guid organizationId)
+    {
+        using (var scope = ServiceScopeFactory.CreateScope())
+        {
+            var dbContext = GetDatabaseContext(scope);
+            var query = new CipherOrganizationDetailsReadByOrganizationIdQuery(organizationId, true);
+            var data = await query.Run(dbContext).ToListAsync();
+            return data;
+        }
+    }
+
    public async Task<ICollection<CipherDetails>> GetManyByUserIdAsync(Guid userId, bool useFlexibleCollections, bool withOrganizations = true)
    {
        using (var scope = ServiceScopeFactory.CreateScope())
--- a/src/Infrastructure.EntityFramework/Vault/Repositories/Queries/CipherOrganizationDetailsReadByOrganizationIdQuery.cs
+++ b/src/Infrastructure.EntityFramework/Vault/Repositories/Queries/CipherOrganizationDetailsReadByOrganizationIdQuery.cs
@ -6,10 +6,17 @@ namespace Bit.Infrastructure.EntityFramework.Repositories.Vault.Queries;
 public class CipherOrganizationDetailsReadByOrganizationIdQuery : IQuery<CipherOrganizationDetails>
 {
    private readonly Guid _organizationId;
+    private readonly bool _unassignedOnly;

-    public CipherOrganizationDetailsReadByOrganizationIdQuery(Guid organizationId)
+    /// <summary>
+    /// Query for retrieving ciphers organization details by organization id
+    /// </summary>
+    /// <param name="organizationId">The id of the organization to query</param>
+    /// <param name="unassignedOnly">Only include ciphers that are not assigned to any collection</param>
+    public CipherOrganizationDetailsReadByOrganizationIdQuery(Guid organizationId, bool unassignedOnly = false)
    {
        _organizationId = organizationId;
+        _unassignedOnly = unassignedOnly;
    }
    public virtual IQueryable<CipherOrganizationDetails> Run(DatabaseContext dbContext)
    {
@ -33,6 +40,18 @@ public class CipherOrganizationDetailsReadByOrganizationIdQuery : IQuery<CipherO
                        DeletedDate = c.DeletedDate,
                        OrganizationUseTotp = o.UseTotp,
                    };
+
+        if (_unassignedOnly)
+        {
+            var collectionCipherIds = from cc in dbContext.CollectionCiphers
+                                      join c in dbContext.Collections
+                                          on cc.CollectionId equals c.Id
+                                      where c.OrganizationId == _organizationId
+                                      select cc.CipherId;
+
+            query = query.Where(c => !collectionCipherIds.Contains(c.Id));
+        }
+
        return query;
    }
 }