Implemented Custom role and permissions (#1057)

* Implemented Custom role and permissions * Converted permissions columns to a json blob * Code review fixes for Permissions * sql build fix * Update Permissions.cs * formatting * Update IOrganizationService.cs * reworked a conditional * built out tests for relevant organization service methods * removed unused usings * fixed a broken test and a bad empty string init * removed 'Attribute' from some attribute instances
2025-07-06 02:22:49 -05:00 · 2021-01-12 11:02:39 -05:00
parent 99b95b5330
commit 63fcdc1418
39 changed files with 1116 additions and 149 deletions
--- a/src/Core/Models/Api/Request/Organizations/OrganizationUpdateRequestModel.cs
+++ b/src/Core/Models/Api/Request/Organizations/OrganizationUpdateRequestModel.cs
@ -1,4 +1,5 @@
-using Bit.Core.Models.Table;
+using Bit.Core.Models.Data;
+using Bit.Core.Models.Table;
 using System.ComponentModel.DataAnnotations;

 namespace Bit.Core.Models.Api
@ -17,6 +18,8 @@ namespace Bit.Core.Models.Api
        [StringLength(50)]
        public string BillingEmail { get; set; }

+        public Permissions Permissions { get; set; }
+
        public virtual Organization ToOrganization(Organization existingOrganization, GlobalSettings globalSettings)
        {
            if (!globalSettings.SelfHosted)
--- a/src/Core/Models/Api/Request/Organizations/OrganizationUserRequestModels.cs
+++ b/src/Core/Models/Api/Request/Organizations/OrganizationUserRequestModels.cs
@ -1,8 +1,9 @@
-using Bit.Core.Models.Table;
+using Bit.Core.Models.Data;
+using Bit.Core.Models.Table;
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
-using System;
 using System.Linq;
+using System.Text.Json;

 namespace Bit.Core.Models.Api
 {
@ -13,6 +14,7 @@ namespace Bit.Core.Models.Api
        [Required]
        public Enums.OrganizationUserType? Type { get; set; }
        public bool AccessAll { get; set; }
+        public Permissions Permissions { get; set; }
        public IEnumerable<SelectionReadOnlyRequestModel> Collections { get; set; }

        public IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
@ -62,11 +64,16 @@ namespace Bit.Core.Models.Api
        [Required]
        public Enums.OrganizationUserType? Type { get; set; }
        public bool AccessAll { get; set; }
+        public Permissions Permissions { get; set; }
        public IEnumerable<SelectionReadOnlyRequestModel> Collections { get; set; }

        public OrganizationUser ToOrganizationUser(OrganizationUser existingUser)
        {
            existingUser.Type = Type.Value;
+            existingUser.Permissions = JsonSerializer.Serialize(Permissions, new JsonSerializerOptions
+            {
+                PropertyNamingPolicy = JsonNamingPolicy.CamelCase,
+            });
            existingUser.AccessAll = AccessAll;
            return existingUser;
        }
--- a/src/Core/Models/Api/Response/OrganizationUserResponseModel.cs
+++ b/src/Core/Models/Api/Response/OrganizationUserResponseModel.cs
@ -4,7 +4,7 @@ using Bit.Core.Models.Data;
 using System.Collections.Generic;
 using System.Linq;
 using Bit.Core.Models.Table;
-
+using Bit.Core.Utilities;
 namespace Bit.Core.Models.Api
 {
    public class OrganizationUserResponseModel : ResponseModel
@ -22,6 +22,7 @@ namespace Bit.Core.Models.Api
            Type = organizationUser.Type;
            Status = organizationUser.Status;
            AccessAll = organizationUser.AccessAll;
+            Permissions = CoreHelpers.LoadClassFromJsonData<Permissions>(organizationUser.Permissions);
        }

        public OrganizationUserResponseModel(OrganizationUserUserDetails organizationUser, string obj = "organizationUser")
@ -37,6 +38,7 @@ namespace Bit.Core.Models.Api
            Type = organizationUser.Type;
            Status = organizationUser.Status;
            AccessAll = organizationUser.AccessAll;
+            Permissions = CoreHelpers.LoadClassFromJsonData<Permissions>(organizationUser.Permissions);
        }

        public string Id { get; set; }
@ -44,6 +46,7 @@ namespace Bit.Core.Models.Api
        public OrganizationUserType Type { get; set; }
        public OrganizationUserStatusType Status { get; set; }
        public bool AccessAll { get; set; }
+        public Permissions Permissions { get; set; }
    }

    public class OrganizationUserDetailsResponseModel : OrganizationUserResponseModel
--- a/src/Core/Models/Api/Response/ProfileOrganizationResponseModel.cs
+++ b/src/Core/Models/Api/Response/ProfileOrganizationResponseModel.cs
@ -1,6 +1,6 @@
 using Bit.Core.Enums;
 using Bit.Core.Models.Data;
-
+using Bit.Core.Utilities;
 namespace Bit.Core.Models.Api
 {
    public class ProfileOrganizationResponseModel : ResponseModel
@ -29,6 +29,7 @@ namespace Bit.Core.Models.Api
            Enabled = organization.Enabled;
            SsoBound = !string.IsNullOrWhiteSpace(organization.SsoExternalId);
            Identifier = organization.Identifier;
+            Permissions = CoreHelpers.LoadClassFromJsonData<Permissions>(organization.Permissions);
        }

        public string Id { get; set; }
@ -53,5 +54,6 @@ namespace Bit.Core.Models.Api
        public bool Enabled { get; set; }
        public bool SsoBound { get; set; }
        public string Identifier { get; set; }
+        public Permissions Permissions { get; set; }
    }
 }