Implemented Custom role and permissions (#1057)

* Implemented Custom role and permissions * Converted permissions columns to a json blob * Code review fixes for Permissions * sql build fix * Update Permissions.cs * formatting * Update IOrganizationService.cs * reworked a conditional * built out tests for relevant organization service methods * removed unused usings * fixed a broken test and a bad empty string init * removed 'Attribute' from some attribute instances
2025-07-01 08:02:49 -05:00 · 2021-01-12 11:02:39 -05:00
parent 99b95b5330
commit 63fcdc1418
39 changed files with 1116 additions and 149 deletions
--- a/src/Api/Controllers/CollectionsController.cs
+++ b/src/Api/Controllers/CollectionsController.cs
@ -45,13 +45,13 @@ namespace Bit.Api.Controllers
        public async Task<CollectionGroupDetailsResponseModel> GetDetails(string orgId, string id)
        {
            var orgIdGuid = new Guid(orgId);
-            if (!_currentContext.OrganizationManager(orgIdGuid))
+            if (!ManageAnyCollections(orgIdGuid) && !_currentContext.ManageUsers(orgIdGuid))
            {
                throw new NotFoundException();
            }

            var idGuid = new Guid(id);
-            if (_currentContext.OrganizationAdmin(orgIdGuid))
+            if (_currentContext.ManageAllCollections(orgIdGuid))
            {
                var collectionDetails = await _collectionRepository.GetByIdWithGroupsAsync(idGuid);
                if (collectionDetails?.Item1 == null || collectionDetails.Item1.OrganizationId != orgIdGuid)
@ -76,7 +76,7 @@ namespace Bit.Api.Controllers
        public async Task<ListResponseModel<CollectionResponseModel>> Get(string orgId)
        {
            var orgIdGuid = new Guid(orgId);
-            if (!_currentContext.OrganizationAdmin(orgIdGuid))
+            if (!_currentContext.ManageAllCollections(orgIdGuid) && !_currentContext.ManageUsers(orgIdGuid))
            {
                throw new NotFoundException();
            }
@ -108,14 +108,14 @@ namespace Bit.Api.Controllers
        public async Task<CollectionResponseModel> Post(string orgId, [FromBody]CollectionRequestModel model)
        {
            var orgIdGuid = new Guid(orgId);
-            if (!_currentContext.OrganizationManager(orgIdGuid))
+            if (!ManageAnyCollections(orgIdGuid))
            {
                throw new NotFoundException();
            }

            var collection = model.ToCollection(orgIdGuid);
            await _collectionService.SaveAsync(collection, model.Groups?.Select(g => g.ToSelectionReadOnly()),
-                !_currentContext.OrganizationAdmin(orgIdGuid) ? _currentContext.UserId : null);
+                !_currentContext.ManageAllCollections(orgIdGuid) ? _currentContext.UserId : null);
            return new CollectionResponseModel(collection);
        }

@ -154,7 +154,7 @@ namespace Bit.Api.Controllers

        private async Task<Collection> GetCollectionAsync(Guid id, Guid orgId)
        {
-            if (!_currentContext.OrganizationManager(orgId))
+            if (!ManageAnyCollections(orgId))
            {
                throw new NotFoundException();
            }
@ -169,5 +169,10 @@ namespace Bit.Api.Controllers

            return collection;
        }
+
+        private bool ManageAnyCollections(Guid orgId)
+        {
+            return _currentContext.ManageAssignedCollections(orgId) || _currentContext.ManageAllCollections(orgId);
+        }
    }
 }